[jboss-cvs] JBossAS SVN: r72308 - projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Apr 16 13:32:22 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-16 13:32:22 -0400 (Wed, 16 Apr 2008)
New Revision: 72308
Removed:
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/AuthenticationInterceptorFactory.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3PolicyConfigurationFactory.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/PerClassAspectFactoryAdaptor.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorFactory.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/SecurityHelper.java
Log:
EJBTHREE-1296: delete the classes that rely on Container
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/AuthenticationInterceptorFactory.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/AuthenticationInterceptorFactory.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/AuthenticationInterceptorFactory.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,51 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import org.jboss.aop.Advisor;
-import org.jboss.aop.advice.AspectFactory;
-import org.jboss.ejb3.Container;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.logging.Logger;
-import org.jboss.security.AuthenticationManager;
-
-/**
- * Authentication Interceptor Factory
- * @author bill.burke at jboss.org
- * @author Anil.Saldhana at redhat.com
- */
-public class AuthenticationInterceptorFactory extends PerClassAspectFactoryAdaptor
-implements AspectFactory
-{
- private static final Logger log = Logger.getLogger(AuthenticationInterceptorFactory.class);
-
- public Object createPerClass(Advisor advisor)
- {
- Container container = EJBContainer.getEJBContainer(advisor);
- AuthenticationManager manager = container.getSecurityManager(AuthenticationManager.class);
- log.debug("Creating interceptor with authentication manager '" + manager + "'" + (manager != null ? " (security domain '" + manager.getSecurityDomain() + "')" : ""));
- //return new Ejb3AuthenticationInterceptor(manager, container);
-
- return new Ejb3AuthenticationInterceptorv2(container);
- }
-}
-
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,169 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import java.lang.reflect.Method;
-
-import javax.ejb.EJBAccessException;
-import javax.security.auth.Subject;
-
-import org.jboss.aop.advice.Interceptor;
-import org.jboss.aop.joinpoint.Invocation;
-import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.ejb3.Container;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.logging.Logger;
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityUtil;
-import org.jboss.security.integration.JNDIBasedSecurityManagement;
-import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
-
-//$Id$
-
-/**
- * Authentication Interceptor
- * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
- * @author Anil.Saldhana at redhat.com
- * @since Aug 16, 2007
- * @version $Revision$
- */
-public class Ejb3AuthenticationInterceptorv2 implements Interceptor
-{
- protected Logger log = Logger.getLogger(this.getClass());
- private EJBContainer container;
-
- public Ejb3AuthenticationInterceptorv2(Container container)
- {
- this.container = (EJBContainer) container;
- }
-
- public String getName()
- {
- return getClass().getName();
- }
-
- public Object invoke(Invocation invocation) throws Throwable
- {
- //Check for ejbTimeOutCallback or ejbTimeOut method
- SecurityHelper shelper = new SecurityHelper();
- MethodInvocation mi = (MethodInvocation) invocation;
- Method method = mi.getMethod();
- if(shelper.isEJBTimeOutCallback(method) ||
- shelper.containsTimeoutAnnotation(container, method) ||
- shelper.isMDB(container))
- return invocation.invokeNext();
-
- SecurityContext prevSC = SecurityActions.getSecurityContext();
- SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context");
-
- SecurityDomain domain = container.getAnnotation(SecurityDomain.class);
-
- boolean domainExists = domain != null && domain.value() != null
- && domain.value().length() > 0;
-
- /**
- * TODO: Decide if you want to allow zero security based on non-availability
- * of a security domain, as per the configuration on the container
- */
- if(domainExists)
- {
- String domainValue = canonicalizeSecurityDomain(domain.value());
-
- /* Need to establish the security context. For local calls, we pick the outgoing runas
- * of the existing sc. For remote calls, we create a new security context with the information
- * from the invocation sc
- */
- SecurityContext sc = null;
-
- sc = SecurityActions.createSecurityContext(domainValue);
-
- if(shelper.isLocalCall(mi))
- {
- if(prevSC == null)
- throw new IllegalStateException("Local Call: Security Context is null");
- populateSecurityContext(sc, prevSC);
- }
- else
- {
- //Remote Invocation
- if(invSC == null)
- throw new IllegalStateException("Remote Call: Invocation Security Context is null");
-
- populateSecurityContext(sc, invSC);
- }
-
- SecurityActions.setSecurityContext(sc);
-
- //TODO: Need to get the SecurityManagement instance
- sc.setSecurityManagement(new JNDIBasedSecurityManagement());
-
- //Check if there is a RunAs configured and can be trusted
- EJBAuthenticationHelper helper = new EJBAuthenticationHelper(sc);
- boolean trustedCaller = helper.isTrusted();
- if(!trustedCaller)
- {
- Subject subject = new Subject();
- //Authenticate the caller now
- if(!helper.isValid(subject, method.getName()))
- throw new EJBAccessException("Invalid User");
- helper.pushSubjectContext(subject);
- }
- else
- {
- //Trusted caller. No need for authentication. Straight to authorization
- }
- }
- else
- {
- //domain == null
- /**
- * Special Case when a bean with no security domain defined comes with a security
- * context attached.
- */
- if(invSC != null)
- {
- SecurityActions.setSecurityContext(invSC);
- }
- }
- try
- {
- return invocation.invokeNext();
- }
- finally
- {
- SecurityActions.setSecurityContext(prevSC);
- }
- }
-
- private String canonicalizeSecurityDomain(String securityDomain)
- {
- return SecurityUtil.unprefixSecurityDomain(securityDomain);
- }
-
- private void populateSecurityContext(SecurityContext to, SecurityContext from)
- {
- SecurityActions.setSubjectInfo(to, from.getSubjectInfo());
- SecurityActions.setIncomingRunAs(to, from.getOutgoingRunAs());
- }
-}
\ No newline at end of file
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3PolicyConfigurationFactory.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3PolicyConfigurationFactory.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/Ejb3PolicyConfigurationFactory.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,195 +0,0 @@
-/*
- * JBoss, the OpenSource J2EE WebOS
- *
- * Distributable under LGPL license.
- * See terms of license at gnu.org.
- */
-package org.jboss.ejb3.security;
-
-import java.security.SecurityPermission;
-import java.security.AccessController;
-import java.security.PrivilegedExceptionAction;
-import java.security.PrivilegedActionException;
-
-import javax.security.jacc.PolicyContextException;
-import javax.security.jacc.PolicyConfiguration;
-import javax.security.jacc.PolicyConfigurationFactory;
-
-import org.jboss.logging.Logger;
-
-/**
- * @author Scott.Stark at jboss.org
- * @author Ron Monzillo, Gary Ellison (javadoc)
- * @version $Revision$
- */
-public abstract class Ejb3PolicyConfigurationFactory
-{
- private static final Logger log = Logger.getLogger(Ejb3PolicyConfigurationFactory.class);
-
- /** The standard name of the system property specifying the JACC
- PolicyConfigurationFactory implementation class name.
- */
- private static final String FACTORY_PROP =
- "javax.security.jacc.PolicyConfigurationFactory.provider";
- /** The default PolicyConfigurationFactory implementation */
- private static final String DEFAULT_FACTORY_NAME =
- "org.jboss.security.jacc.JBossPolicyConfigurationFactory";
- /** The loaded PolicyConfigurationFactory provider */
- private static PolicyConfigurationFactory factory;
-
- /** This static method uses the javax.security.jacc.PolicyConfigurationFactory.provider
- * system property to create a provider factory implementation. The provider
- * class must provide a public no-arg ctor.
- *
- * @return the PolicyConfigurationFactory singleton
- * @throws SecurityException - when the caller does not have a
- * SecurityPermission(setPolicy) permission.
- * @throws ClassNotFoundException - when the class named by the system
- * property could not be found or because the value of the system
- * property is null.
- * @throws PolicyContextException - if the PolicyConfigurationFactory ctor
- * throws an exception other than those in the getPolicyConfigurationFactory
- * method signature. The exception will be encapsulated in a
- * PolicyContextException as its cause.
- */
- public static PolicyConfigurationFactory getPolicyConfigurationFactory()
- throws ClassNotFoundException, PolicyContextException
- {
-
- // Validate the caller permission
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(new SecurityPermission("setPolicy"));
-
- if (factory == null)
- {
- String factoryName = null;
- Class clazz = null;
- try
- {
- LoadAction action = new LoadAction();
- try
- {
- clazz = (Class) AccessController.doPrivileged(action);
- factoryName = action.getName();
- }
- catch (PrivilegedActionException ex)
- {
- ex.printStackTrace();
- factoryName = action.getName();
- Exception e = ex.getException();
- if (e instanceof ClassNotFoundException)
- throw (ClassNotFoundException) e;
- else
- throw new PolicyContextException("Failure during load of class: "+action.getName(), e);
- }
-
- factory = (PolicyConfigurationFactory) clazz.newInstance();
- }
- catch (ClassNotFoundException e)
- {
- String msg = "Failed to find PolicyConfigurationFactory : " + factoryName;
- throw new ClassNotFoundException(msg, e);
- }
- catch (IllegalAccessException e)
- {
- String msg = "Unable to access class : " + factoryName;
- throw new PolicyContextException(msg, e);
- }
- catch (InstantiationException e)
- {
- String msg = "Failed to create instance of: " + factoryName;
- throw new PolicyContextException(msg, e);
- }
- catch (ClassCastException e)
- {
- StringBuffer msg = new StringBuffer(factoryName + " Is not a PolicyConfigurationFactory, ");
- msg.append("PCF.class.CL: "+Ejb3PolicyConfigurationFactory.class.getClassLoader());
- msg.append("\nPCF.class.CS: "+Ejb3PolicyConfigurationFactory.class.getProtectionDomain().getCodeSource());
- msg.append("\nPCF.class.hash: "+System.identityHashCode(Ejb3PolicyConfigurationFactory.class));
- msg.append("\nclazz.CL: "+clazz.getClassLoader());
- msg.append("\nclazz.CS: "+clazz.getProtectionDomain().getCodeSource());
- msg.append("\nclazz.super.CL: "+clazz.getSuperclass().getClassLoader());
- msg.append("\nclazz.super.CS: "+clazz.getSuperclass().getProtectionDomain().getCodeSource());
- msg.append("\nclazz.super.hash: "+System.identityHashCode(clazz.getSuperclass()));
- ClassCastException cce = new ClassCastException(msg.toString());
- cce.initCause(e);
- }
- }
- return factory;
- }
-
- /** This method is used to obtain an instance of the provider specific class
- * that implements the PolicyConfiguration interface that corresponds to the
- * identified policy context within the provider. The methods of the
- * PolicyConfiguration interface are used to define the policy statements of
- * the identified policy context.
- *
- * If at the time of the call, the identified policy context does not exist
- * in the provider, then the policy context will be created in the provider
- * and the Object that implements the context's PolicyConfiguration Interface
- * will be returned. If the state of the identified context is "deleted" or
- * "inService" it will be transitioned to the "open" state as a result of the
- * call. The states in the lifecycle of a policy context are defined by the
- * PolicyConfiguration interface.
- *
- * For a given value of policy context identifier, this method must always
- * return the same instance of PolicyConfiguration and there must be at most
- * one actual instance of a PolicyConfiguration with a given policy context
- * identifier (during a process context).
- *
- * To preserve the invariant that there be at most one PolicyConfiguration
- * object for a given policy context, it may be necessary for this method to
- * be thread safe.
- *
- * @param contextID - the policy context ID indicates which
- * PolicyConfiguration to return. This must not be null.
- * @param remove - A boolean flag that establishes whether or not the policy
- * statements of an existing policy context are to be removed before its
- * PolicyConfiguration object is returned. If the value passed to this
- * parameter is true, the policy statements of an existing policy context
- * will be removed. If the value is false, they will not be removed.
- * @return a PolicyConfiguration instance
- * @throws PolicyContextException
- */
- public abstract PolicyConfiguration getPolicyConfiguration(String contextID,
- boolean remove)
- throws PolicyContextException;
-
- /** This method determines if the identified policy context exists with state
- * "inService" in the Policy provider associated with the factory.
- *
- * @param contextID - the context ID for selecting the policy
- * @return true if the identified policy context exists within the provider
- * and its state is "inService", false otherwise.
- * @throws PolicyContextException
- */
- public abstract boolean inService(String contextID)
- throws PolicyContextException;
-
- /** A PrivilegedExceptionAction that looks up the class name identified
- * by the javax.security.jacc.PolicyConfigurationFactory.provider system
- * property and loads the class using the thread context class loader.
- */
- private static class LoadAction implements PrivilegedExceptionAction
- {
- private String name;
- public String getName()
- {
- return name;
- }
- public Object run()
- throws Exception
- {
- name = System.getProperty(FACTORY_PROP);
- if( name == null )
- {
- // Use the default factory impl
- name = DEFAULT_FACTORY_NAME;
- }
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class factoryClass = loader.loadClass(name);
- return factoryClass;
- }
- }
-}
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/PerClassAspectFactoryAdaptor.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/PerClassAspectFactoryAdaptor.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/PerClassAspectFactoryAdaptor.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,70 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import org.jboss.aop.Advisor;
-import org.jboss.aop.InstanceAdvisor;
-import org.jboss.aop.advice.AspectFactory;
-import org.jboss.aop.joinpoint.Joinpoint;
-
-//$Id$
-
-/**
- * Adaptor class that throws Runtime Exception
- * for all Non_PerClass create requests
- * @author Anil.Saldhana at redhat.com
- * @since Aug 14, 2007
- * @version $Revision$
- */
-public abstract class PerClassAspectFactoryAdaptor implements AspectFactory
-{
- private RuntimeException rte = new RuntimeException("Only PER_CLASS supported in " +
- "this interceptor factory");
-
- public abstract Object createPerClass(Advisor advisor);
-
- public Object createPerInstance(Advisor advisor, InstanceAdvisor instanceAdvisor)
- {
- throw rte;
- }
-
- public Object createPerJoinpoint(Advisor advisor, Joinpoint jp)
- {
- throw rte;
- }
-
- public Object createPerJoinpoint(Advisor advisor,
- InstanceAdvisor instanceAdvisor, Joinpoint jp)
- {
- throw rte;
- }
-
- public Object createPerVM()
- {
- throw rte;
- }
-
- public String getName()
- {
- return getClass().getName();
- }
-}
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorFactory.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorFactory.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorFactory.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,55 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import java.security.CodeSource;
-
-import org.jboss.aop.Advisor;
-import org.jboss.aop.advice.AspectFactory;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.annotation.SecurityDomain;
-
-/**
- * Role Based AuthorizationInterceptor factory
- * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
- * @author Anil.Saldhana at jboss.org
- * @version $Revision$
- *
- */
-public class RoleBasedAuthorizationInterceptorFactory extends PerClassAspectFactoryAdaptor
-implements AspectFactory
-{
-
- public Object createPerClass(Advisor advisor)
- {
- // Must be a separate line (EJBContainer cannot be dereferenced)
- EJBContainer container = EJBContainer.getEJBContainer(advisor);
- SecurityDomain securityAnnotation = (SecurityDomain) advisor.resolveAnnotation(SecurityDomain.class);
-
- //If there is no annotation, return a null action interceptor
- if(securityAnnotation == null)
- return new NullInterceptor();
- CodeSource ejbCS = advisor.getClazz().getProtectionDomain().getCodeSource();
- String ejbName = container.getEjbName();
- return new RoleBasedAuthorizationInterceptorv2(container, ejbCS, ejbName);
- }
-}
\ No newline at end of file
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,204 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import java.lang.reflect.Method;
-import java.security.CodeSource;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
-import javax.annotation.security.DenyAll;
-import javax.annotation.security.PermitAll;
-import javax.annotation.security.RolesAllowed;
-import javax.ejb.EJBAccessException;
-
-import org.jboss.aop.advice.Interceptor;
-import org.jboss.aop.joinpoint.Invocation;
-import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
-import org.jboss.ejb3.Container;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.logging.Logger;
-import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
-import org.jboss.remoting.InvokerLocator;
-import org.jboss.security.AnybodyPrincipal;
-import org.jboss.security.NobodyPrincipal;
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
-
-/**
- * The RoleBasedAuthorizationInterceptor checks that the caller principal is
- * authorized to call a method by verifing that it contains at least one
- * of the required roled.
- *
- * @author <a href="bill at jboss.org">Bill Burke</a>
- * @author Anil.Saldhana at redhat.com
- * @version $Revision: 62539 $
- */
-public final class RoleBasedAuthorizationInterceptorv2 implements Interceptor
-{
- private static final Logger log = Logger.getLogger(RoleBasedAuthorizationInterceptorv2.class);
-
- private EJBContainer container;
-
- private CodeSource ejbCS;
-
- private String ejbName;
-
- public RoleBasedAuthorizationInterceptorv2(Container container,
- CodeSource ejbCS, String ejbName)
- {
- this.container = (EJBContainer)container;
- this.ejbCS = ejbCS;
- this.ejbName = ejbName;
- }
-
- protected Set<Principal> getRoleSet(Invocation invocation)
- {
- Method method = ((MethodInvocation)invocation).getActualMethod();
-
- Class<?>[] classes = new Class[]{DenyAll.class, PermitAll.class, RolesAllowed.class};
-
- Object annotation = container.resolveAnnotation(method, classes);
-
- int classIndex = 0;
- while (annotation == null && classIndex < 3)
- {
- annotation = container.resolveAnnotation(classes[classIndex++]);
- }
-
- HashSet<Principal> set = new HashSet<Principal>();
- if (annotation != null)
- {
- if (annotation instanceof DenyAll)
- {
- set.add(NobodyPrincipal.NOBODY_PRINCIPAL);
- }
- else if (annotation instanceof PermitAll)
- {
- set.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
- }
- else if (annotation instanceof RolesAllowed)
- {
- RolesAllowed permissions = (RolesAllowed) annotation;
- for (int i = 0; i < permissions.value().length; i++)
- {
- set.add(new SimplePrincipal(permissions.value()[i]));
- }
- }
- else
- set.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
- }
- else
- set.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
-
- return set;
- }
-
- public Object invoke(Invocation invocation) throws Throwable
- {
- //Set the JACC ContextID
- String contextID = container.getJaccContextId();
- SecurityActions.setContextID(contextID);
-
- MethodInvocation mi = (MethodInvocation)invocation;
- //Check for ejbTimeOut
- SecurityHelper shelper = new SecurityHelper();
- Method method = mi.getMethod();
- if(shelper.isEJBTimeOutCallback(method) ||
- shelper.containsTimeoutAnnotation(container, method) ||
- shelper.isMDB(container))
- return invocation.invokeNext();
-
- try
- {
- SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
-
- boolean domainExists = domain != null && domain.value() != null
- && domain.value().length() > 0;
-
- if(domainExists)
- {
- SecurityContext sc = SecurityActions.getSecurityContext();
- if(sc == null)
- throw new IllegalStateException("Security Context has not been set");
- Set<Principal> methodRoles = getRoleSet(invocation);
- if (methodRoles == null)
- {
- /*
- REVISIT: for better message
- String message = "No method permissions assigned. to " +
- "method=" + invocation.getMethod().getName() +
- ", interface=" + invocation.getType();
- */
- String message = "No method permissions assigned.";
- log.error(message);
- throw new SecurityException(message);
- }
-
- //Specify any Deployment Level Mapping of Principal - role names
- JBossAssemblyDescriptorMetaData jmd = container.getAssemblyDescriptor();
- if(jmd != null)
- {
- Map<String,Set<String>> principalRoleMap = jmd.getPrincipalVersusRolesMap();
- SecurityRolesAssociation.setSecurityRoles(principalRoleMap);
- }
- InvokerLocator locator = (InvokerLocator) invocation.getMetaData(InvokeRemoteInterceptor.REMOTING,
- InvokeRemoteInterceptor.INVOKER_LOCATOR);
-
- String iface = (locator != null) ? "Remote" : "Local";
-
- RunAs callerRunAs = SecurityActions.peekRunAs();
-
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(sc);
- boolean isAuthorized = helper.authorize(ejbName,
- mi.getMethod(),
- sc.getUtil().getUserPrincipal(),
- iface,
- ejbCS,
- sc.getUtil().getSubject(),
- callerRunAs,
- methodRoles);
- if(!isAuthorized)
- throw new EJBAccessException("Caller unauthorized");
- }
- return invocation.invokeNext();
- }
- catch (SecurityException throwable)
- {
- log.debug("Authorization failure", throwable);
- throw new EJBAccessException("Authorization failure");
- } finally {
- }
- }
-
- public String getName()
- {
- return getClass().getName();
- }
-}
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorFactory.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,114 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.annotation.security.RunAs;
-import javax.naming.InitialContext;
-import javax.naming.NamingException;
-
-import org.jboss.aop.Advisor;
-import org.jboss.aop.advice.AspectFactory;
-import org.jboss.aop.advice.Interceptor;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.ejb3.tx.NullInterceptor;
-import org.jboss.logging.Logger;
-import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
-import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
-import org.jboss.metadata.ejb.spec.SecurityIdentityMetaData;
-import org.jboss.security.AuthenticationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.RunAsIdentity;
-
-/**
- * RunAs interceptor factory
- * @author <a href="mailto:bill at jboss.org">Bill Burke</a>
- * @author Anil.Saldhana at jboss.org
- * @version $Revision$
- */
-public class RunAsSecurityInterceptorFactory extends PerClassAspectFactoryAdaptor
-implements AspectFactory
-{
- @SuppressWarnings("unused")
- private static final Logger log = Logger.getLogger(RunAsSecurityInterceptorFactory.class);
-
- protected RunAsIdentity getRunAsIdentity(EJBContainer container)
- {
- RunAs runAs = (RunAs) container.resolveAnnotation(RunAs.class);
- if (runAs == null)
- return null;
-
- String runAsPrincipal = runAs.value();
-
- JBossEnterpriseBeanMetaData jbEnterpriseBeanMetaData = container.getXml();
- if(jbEnterpriseBeanMetaData != null)
- {
- SecurityIdentityMetaData securityIdentity = jbEnterpriseBeanMetaData.getSecurityIdentity();
- if(securityIdentity.isUseCallerId())
- return null; //Overriden in xml
- runAsPrincipal = securityIdentity.getRunAsPrincipal();
- }
-
- Set<String> extraRoles = new HashSet<String>();
-
- JBossAssemblyDescriptorMetaData ad = container.getAssemblyDescriptor();
- if(ad != null && runAsPrincipal != null)
- {
- extraRoles.addAll(ad.getSecurityRoleNamesByPrincipal(runAsPrincipal));
- }
-
- return new RunAsIdentity(runAs.value(), runAsPrincipal, extraRoles);
-
- }
-
-
- public Object createPerClass(Advisor advisor)
- {
- EJBContainer container = EJBContainer.getEJBContainer(advisor);
-
- Object domain = null;
- try
- {
- InitialContext ctx = container.getInitialContext();
- SecurityDomain securityDomain = (SecurityDomain) advisor.resolveAnnotation(SecurityDomain.class);
- if (securityDomain != null)
- {
- String domainName = securityDomain.value();
- domain = SecurityDomainManager.getSecurityManager(domainName, ctx);
- }
- }
- catch (NamingException e)
- {
- throw new RuntimeException(e);
- }
-
- Interceptor interceptor = new NullInterceptor();
- if (domain != null)
- {
- interceptor = new RunAsSecurityInterceptorv2(container, getRunAsIdentity(container));
- }
- return interceptor;
- }
-}
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,132 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2006, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import org.jboss.aop.advice.Interceptor;
-import org.jboss.aop.joinpoint.Invocation;
-import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.SecurityActions;
-import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.logging.Logger;
-import org.jboss.security.RunAsIdentity;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.plugins.SecurityContextAssociation;
-
-/**
- * An interceptor that enforces the run-as identity declared by a bean.
- *
- * @author <a href="mailto:bill at jboss.org">Bill Burke</a>.
- * @author Anil.Saldhana at redhat.com
- * @version $Revision: 61914 $
- */
-public class RunAsSecurityInterceptorv2 implements Interceptor
-{
- private static final Logger log = Logger.getLogger(RunAsSecurityInterceptorv2.class);
- private RunAsIdentity runAsIdentity;
- private EJBContainer container;
-
- public RunAsSecurityInterceptorv2(EJBContainer container, RunAsIdentity id)
- {
- this.runAsIdentity = id;
- this.container = container;
- }
-
- protected RunAsIdentity getRunAsIdentity(Invocation invocation)
- {
- MethodInvocation mi = (MethodInvocation)invocation;
- return runAsIdentity;
- }
-
- /*public Object invoke(Invocation invocation) throws Throwable
- {
- Subject previousSubject = null;
- try
- {
- RunAsIdentity runAsIdentity = getRunAsIdentity(invocation);
- SecurityActions.pushRunAs(runAsIdentity);
-
- runAsIdentity = SecurityActions.peekRunAsIdentity(1);
- if (runAsIdentity != null)
- {
- previousSubject = SecurityActions.getActiveSubject();
- Set newPrincipals = runAsIdentity.getPrincipalsSet();
- Subject newSubject = new Subject(false, newPrincipals, new HashSet(), new HashSet());
- SecurityAssociation.setSubject(newSubject);
- }
-
- return invocation.invokeNext();
- }
- finally
- {
- if (previousSubject != null)
- SecurityAssociation.setSubject(previousSubject);
-
- SecurityActions.popRunAs();
- }
- }
-*/
-
- public Object invoke(Invocation invocation) throws Throwable
- {
- //Check for ejbTimeOut
- SecurityHelper shelper = new SecurityHelper();
- if(shelper.isEJBTimeOutCallback(((MethodInvocation) invocation).getMethod()))
- return invocation.invokeNext();
-
- SecurityContext sc = SecurityActions.getSecurityContext();
- /**
- * If Existing SecurityContext is null, it means that we have not gone
- * through AuthenticationInterceptor. This is probably because
- * we are an MDB. So create a new SecurityContext
- */
- if(sc == null)
- {
- SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
- if(domain != null)
- {
- sc = SecurityActions.createSecurityContext(domain.value());
- SecurityContextAssociation.setSecurityContext(sc);
- }
- }
-
- if(sc != null)
- {
- sc.setOutgoingRunAs(runAsIdentity);
- }
- try
- {
- return invocation.invokeNext();
- }
- finally
- {
- if(sc != null)
- SecurityActions.popRunAs();
- }
- }
-
-
- public String getName()
- {
- return getClass().getName();
- }
-}
Deleted: projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/SecurityHelper.java
===================================================================
--- projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/SecurityHelper.java 2008-04-16 17:32:07 UTC (rev 72307)
+++ projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/SecurityHelper.java 2008-04-16 17:32:22 UTC (rev 72308)
@@ -1,101 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security;
-
-import java.lang.reflect.Method;
-
-import javax.ejb.TimedObject;
-import javax.ejb.Timeout;
-import javax.ejb.Timer;
-
-import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.ejb3.Container;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.mdb.MessagingContainer;
-import org.jboss.ejb3.remoting.IsLocalInterceptor;
-import org.jboss.remoting.InvokerLocator;
-import org.jboss.aspects.remoting.InvokeRemoteInterceptor;
-
-//$Id$
-
-/**
- * Helper class for the EJB3 Security Interceptors
- * @author Anil.Saldhana at redhat.com
- * @since Aug 23, 2007
- * @version $Revision$
- */
-public class SecurityHelper
-{
- /**
- * Check whether an invocation is local or remote
- * @param mi method invocation
- * @return true - local call
- */
- public boolean isLocalCall(MethodInvocation mi)
- {
- InvokerLocator locator = (InvokerLocator) mi.getMetaData(InvokeRemoteInterceptor.REMOTING, InvokeRemoteInterceptor.INVOKER_LOCATOR);
- return locator == null ||
- mi.getMetaData(IsLocalInterceptor.IS_LOCAL,IsLocalInterceptor.IS_LOCAL) != null;
- }
-
- /**
- * Check if the method is an EJBTimeOut method
- * @param m method
- * @return true if it is a ejb timeout callback
- */
- public boolean isEJBTimeOutCallback(Method m)
- {
- /** The TimedObject.ejbTimeout callback */
- Method ejbTimeout = null;
-
- try
- {
- // Get the timeout method
- ejbTimeout = TimedObject.class.getMethod("ejbTimeout", new Class[]{Timer.class});
- }
- catch (NoSuchMethodException ignore)
- {
- }
- return m == ejbTimeout;
- }
-
- /**
- * Checks whether a method declares a Timeout annotation
- * @param container EJBContainer
- * @param meth The method under investigation for an annotation
- * @return @Timeout annotation exists
- */
- public boolean containsTimeoutAnnotation(EJBContainer container, Method meth)
- {
- return (Timeout) container.resolveAnnotation(meth, Timeout.class) != null;
- }
-
- /**
- * Determine if the container is a MDB
- * @param container
- * @return
- */
- public boolean isMDB(Container container)
- {
- return container instanceof MessagingContainer;
- }
-}