[jboss-cvs] JBossAS SVN: r72544 - in trunk/server/src/main/org/jboss/ejb: plugins and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 22 00:48:59 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-04-22 00:48:59 -0400 (Tue, 22 Apr 2008)
New Revision: 72544
Modified:
trunk/server/src/main/org/jboss/ejb/EnterpriseContext.java
trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
Log:
use the helper framework from security spi
Modified: trunk/server/src/main/org/jboss/ejb/EnterpriseContext.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EnterpriseContext.java 2008-04-22 04:47:57 UTC (rev 72543)
+++ trunk/server/src/main/org/jboss/ejb/EnterpriseContext.java 2008-04-22 04:48:59 UTC (rev 72544)
@@ -54,11 +54,11 @@
import org.jboss.metadata.ApplicationMetaData;
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.SecurityRoleRefMetaData;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.SimplePrincipal;
-import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.javaee.SecurityHelperFactory;
+import org.jboss.security.javaee.SecurityRoleRef;
+import org.jboss.security.SimplePrincipal;
import org.jboss.tm.TransactionTimeoutConfiguration;
import org.jboss.tm.usertx.client.ServerVMClientUserTransaction;
@@ -360,8 +360,17 @@
if( beanPrincipal == null )
{
RealmMapping rm = con.getRealmMapping();
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(SecurityActions.getSecurityContext());
- Principal caller = helper.getCallerPrincipal(rm);
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ Principal caller = null;
+ try
+ {
+ caller = SecurityHelperFactory.getEJBAuthorizationHelper(sc).getCallerPrincipal();
+ }
+ catch (Exception e)
+ {
+ log.error("Error getting callerPrincipal for " + con.getBeanClass(),e);
+ }
+
if( caller == null )
{
/* Try the incoming request principal. This is needed if a client
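Review bot: The new `catch (Exception e)` around `getCallerPrincipal()` leaves `caller` null on any helper failure, so execution drops into the existing `if( caller == null )` branch and tries the incoming request principal. A broken or missing security context then looks the same as a call that simply has no caller principal. Consider catching only the exception type the factory declares, or add a comment such as `// helper failure: fall through to the request-principal lookup below` so the fallback is visibly intentional. `RealmMapping rm` is no longer passed to the helper; if nothing later in the method uses it (the body continues outside the hunk), the local can be removed.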
@@ -495,10 +504,11 @@
* or the current run-as principal.
*/
public boolean isCallerInRole(String roleName)
- {
+ {
+ Container container = getContainer();
//Generate the SecurityRoleRef set
- Iterator<SecurityRoleRefMetaData> it = getContainer().getBeanMetaData().getSecurityRoleReferences();
- Set securityRoleRefs = new HashSet();
+ Iterator<SecurityRoleRefMetaData> it = container.getBeanMetaData().getSecurityRoleReferences();
+ Set<SecurityRoleRef> securityRoleRefs = new HashSet<SecurityRoleRef>();
while(it.hasNext())
{
SecurityRoleRefMetaData meta = (SecurityRoleRefMetaData) it.next();
@@ -518,9 +528,20 @@
log.trace("PolicyContextException in getting caller subject:",pe);
}
- EJBAuthorizationHelper helper = new EJBAuthorizationHelper(SecurityActions.getSecurityContext());
- String ejbName = getContainer().getBeanMetaData().getEjbName();
- return helper.isCallerInRole(roleName, ejbName, principal, securityRoleRefs);
+ SecurityContext sc = SecurityActions.getSecurityContext();
+ String ejbName = container.getBeanMetaData().getEjbName();
+
+ try
+ {
+ return SecurityHelperFactory.getEJBAuthorizationHelper(sc).isCallerInRole(roleName,
+ ejbName, principal, contextSubject,
+ container.getJaccContextID(), securityRoleRefs);
+ }
+ catch (Exception e)
+ {
+ log.error("isCallerInRole("+ roleName+") had exception:",e);
+ }
+ return false;
}
public UserTransaction getUserTransaction()
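Review bot: Returning `false` after the `catch (Exception e)` fails closed, which is the right default for `isCallerInRole`, but it deserves a comment so a later edit does not turn it into a rethrow or a `true`, e.g. `// fail closed: a helper error is treated as "caller not in role"`. The new call also passes `contextSubject`, while the `PolicyContextException` handler just above only logs at trace level. If that handler leaves `contextSubject` null (its assignment is outside the hunk), the helper receives a null subject, which is worth checking or documenting. Narrowing the catch to the declared exception type would also keep programming errors from being logged and reported as a plain denial.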
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2008-04-22 04:47:57 UTC (rev 72543)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2008-04-22 04:48:59 UTC (rev 72544)
@@ -46,9 +46,10 @@
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SecurityUtil;
-import org.jboss.security.integration.ejb.EJBAuthenticationHelper;
-import org.jboss.security.integration.ejb.EJBAuthorizationHelper;
+import org.jboss.security.SecurityUtil;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.javaee.EJBAuthenticationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
import org.jboss.system.Registry;
/**
@@ -288,8 +289,9 @@
throw new SecurityException("Role mapping manager has not been set");
}
- SecurityContext sc = SecurityActions.getSecurityContext();
- EJBAuthenticationHelper helper = new EJBAuthenticationHelper(sc);
+ SecurityContext sc = SecurityActions.getSecurityContext();
+
+ EJBAuthenticationHelper helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
boolean isTrusted = helper.isTrusted();
if (!isTrusted)
@@ -338,17 +340,18 @@
SecurityContext currentSC = SecurityActions.getSecurityContext();
if(currentSC.getSecurityManagement() == null)
- currentSC.setSecurityManagement(securityManagement);
- EJBAuthorizationHelper eah = new EJBAuthorizationHelper(currentSC);
- isAuthorized = eah.authorize(ejbName,
- ejbMethod,
- mi.getPrincipal(),
- mi.getType().toInterfaceString(),
- ejbCS,
- caller,
- callerRunAsIdentity,
- methodRoles) ;
+ currentSC.setSecurityManagement(securityManagement);
+ isAuthorized = SecurityHelperFactory.getEJBAuthorizationHelper(sc).authorize(ejbName,
+ ejbMethod,
+ mi.getPrincipal(),
+ mi.getType().toInterfaceString(),
+ ejbCS,
+ caller,
+ callerRunAsIdentity,
+ container.getJaccContextID(),
+ new SimpleRoleGroup(methodRoles)) ;
+
String msg = "Denied: caller with subject=" + caller
+ " and security context post-mapping roles=" +
currentSC.getUtil().getRoles() ;
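Review bot: The authorization helper is now built from `sc`, while the null check and `setSecurityManagement(securityManagement)` directly above are applied to `currentSC`, and the denial message below also reads its roles from `currentSC`. The removed code passed `currentSC` to the helper. `sc` is declared outside this hunk (apparently the context fetched earlier in the interceptor), so if the two references can ever differ, `authorize` runs against a context whose security management was never set. Using the same variable throughout is safer: `isAuthorized = SecurityHelperFactory.getEJBAuthorizationHelper(currentSC).authorize(ejbName,`.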
@@ -363,7 +366,7 @@
boolean containerMethod = m == null || m.equals(ejbTimeout);
if ( containerMethod == true || securityManager == null || container == null )
{
- // Allow for the progatation of caller info to other beans
+ // Allow for the propagation of caller info to other beans
SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
mi.getCredential(), "BYPASSED-SECURITY");
if(this.runAsIdentity != null)