[jboss-cvs] JBossAS SVN: r72576 - in projects/ejb3/dev/ejbthree1269: core and 7 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 22 11:28:27 EDT 2008
Author: ALRubinger
Date: 2008-04-22 11:28:27 -0400 (Tue, 22 Apr 2008)
New Revision: 72576
Added:
projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java
Removed:
projects/ejb3/dev/ejbthree1269/security/eclipse-target/
projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java
projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java
Modified:
projects/ejb3/dev/ejbthree1269/core/.classpath
projects/ejb3/dev/ejbthree1269/core/.settings/org.eclipse.jdt.core.prefs
projects/ejb3/dev/ejbthree1269/core/jboss-ejb3-client.xml
projects/ejb3/dev/ejbthree1269/core/pom.xml
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/SecurityActions.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/proxy/factory/BaseSessionProxyFactory.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java
projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/stateful/StatefulLocalProxyFactory.java
projects/ejb3/dev/ejbthree1269/pom.xml
projects/ejb3/dev/ejbthree1269/security/.classpath
projects/ejb3/dev/ejbthree1269/security/pom.xml
projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java
Log:
[EJBTHREE-1269] Backmerged with trunk from 72451:72523
Modified: projects/ejb3/dev/ejbthree1269/core/.classpath
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/.classpath 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/.classpath 2008-04-22 15:28:27 UTC (rev 72576)
@@ -206,7 +206,7 @@
<classpathentry kind="var" path="M2_REPO/org/jboss/aspects/jboss-remoting-aspects/1.0.0-SNAPSHOT/jboss-remoting-aspects-1.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/aspects/jboss-remoting-aspects/1.0.0-SNAPSHOT/jboss-remoting-aspects-1.0.0-SNAPSHOT-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/jboss/jbossws/jboss-saaj/3.0.1-native-2.0.4.GA/jboss-saaj-3.0.1-native-2.0.4.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/aspects/jboss-security-aspects/1.0.0-SNAPSHOT/jboss-security-aspects-1.0.0-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/aspects/jboss-security-aspects/1.0.0-SNAPSHOT/jboss-security-aspects-1.0.0-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta6/jboss-security-spi-2.0.2.Beta6.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta6/jboss-security-spi-2.0.2.Beta6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta5/jboss-security-spi-bare-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta5/jboss-security-spi-bare-2.0.2.Beta5-sources.jar">
<attributes>
<attribute value="jar:file:/home/alrubinger/.m2/repository/org/jboss/security/jboss-security-spi-bare/2.0.2.Beta5/jboss-security-spi-bare-2.0.2.Beta5-javadoc.jar!/" name="javadoc_location"/>
@@ -232,7 +232,7 @@
</attributes>
</classpathentry>
<classpathentry kind="var" path="M2_REPO/org/jboss/cache/jbosscache-core/2.1.0.CR4/jbosscache-core-2.1.0.CR4.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta6/jbosssx-2.0.2.Beta6.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta6/jbosssx-2.0.2.Beta6-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx-client/2.0.2.Beta5/jbosssx-client-2.0.2.Beta5-sources.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.0.2.GA/jbossws-spi-1.0.2.GA.jar"/>
<classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8-sources.jar"/>
Modified: projects/ejb3/dev/ejbthree1269/core/.settings/org.eclipse.jdt.core.prefs
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/.settings/org.eclipse.jdt.core.prefs 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/.settings/org.eclipse.jdt.core.prefs 2008-04-22 15:28:27 UTC (rev 72576)
@@ -1,4 +1,4 @@
-#Mon Apr 21 11:01:00 GMT-05:00 2008
+#Tue Apr 22 10:26:32 GMT-05:00 2008
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
eclipse.preferences.version=1
org.eclipse.jdt.core.compiler.source=1.5
Modified: projects/ejb3/dev/ejbthree1269/core/jboss-ejb3-client.xml
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/jboss-ejb3-client.xml 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/jboss-ejb3-client.xml 2008-04-22 15:28:27 UTC (rev 72576)
@@ -62,8 +62,11 @@
<directory>../security/target/classes</directory>
<outputDirectory></outputDirectory>
<includes>
- <include>org/jboss/ejb3/security/client/SecurityActions.class</include>
- <include>org/jboss/ejb3/security/client/SecurityClientInterceptor.class</include>
+ <include>org/jboss/ejb3/security/client/**/*.class</include>
+ <include>org/jboss/ejb3/security/helpers/**/*.class</include>
+ <include>org/jboss/ejb3/security/embedded/**/*.class</include>
+ <include>org/jboss/ejb3/security/bridge/**/*.class</include>
+ <include>org/jboss/ejb3/security/SecurityDomainManager.class</include>
</includes>
</fileSet>
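Review bot: The four `**/*.class` patterns added to `<includes>` put every class under `security/client`, `security/helpers`, `security/embedded` and `security/bridge` into the client assembly, including any class added later, where the old list named two classes explicitly. The `helpers` package holds a `SecurityActions` class (it is modified in this revision), and privileged-action wrappers and bridge code are presumably not all meant for client distribution. Naming the classes the client needs, or adding an `<excludes>` block for the server-only ones, keeps the shipped surface reviewable. The `<fileSet>` element opens above the hunk.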
Modified: projects/ejb3/dev/ejbthree1269/core/pom.xml
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/pom.xml 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/pom.xml 2008-04-22 15:28:27 UTC (rev 72576)
@@ -100,6 +100,9 @@
<descriptors>
<descriptor>jboss-ejb3-client.xml</descriptor>
</descriptors>
+ <finalName>jboss-ejb3-client</finalName>
+ <appendAssemblyId>false</appendAssemblyId>
+ <attach>false</attach>
</configuration>
<inherited>false</inherited>
</plugin>
@@ -424,12 +427,12 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-security-spi</artifactId>
- <version>2.0.2.Beta5</version>
+ <version>2.0.2.Beta6</version>
</dependency>
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbosssx</artifactId>
- <version>2.0.2.Beta5</version>
+ <version>2.0.2.Beta6</version>
</dependency>
<dependency>
<groupId>org.jboss.ws</groupId>
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -23,11 +23,7 @@
import java.security.Identity;
import java.security.Principal;
-import java.security.PrivilegedActionException;
-import java.util.Collection;
-import java.util.HashSet;
import java.util.Properties;
-import java.util.Set;
import javax.ejb.EJBContext;
import javax.ejb.EJBException;
@@ -43,16 +39,11 @@
import javax.transaction.UserTransaction;
import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.ejb3.security.helpers.AuthorizationHelper;
+import org.jboss.ejb3.security.helpers.EJBContextHelper;
import org.jboss.ejb3.tx.TxUtil;
import org.jboss.ejb3.tx.UserTransactionImpl;
import org.jboss.logging.Logger;
-import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
-import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
import org.jboss.security.RealmMapping;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.SimplePrincipal;
/**
* EJB3 Enterprise Context Implementation
@@ -67,6 +58,7 @@
protected transient T container;
protected transient RealmMapping rm;
protected B beanContext;
+ protected EJBContextHelper ejbContextHelper;
/** Principal for the bean associated with the call **/
private Principal beanPrincipal;
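Review bot: `ejbContextHelper` is declared without `transient` next to `container` and `rm`, which are both `transient`. If this context is serialized, as those modifiers suggest, the helper is now written with it and `EJBContextHelper` would have to be `Serializable`, which is not visible here. Declaring it `protected transient EJBContextHelper ejbContextHelper;` avoids that, but the constructor assignment in the next hunk is then not enough, because the field is null after deserialization and both `getCallerPrincipal()` and `isCallerInRole()` dereference it. A lazy accessor that creates the helper on first use would cover both cases.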
@@ -78,6 +70,8 @@
this.beanContext = beanContext;
this.container = beanContext.getContainer();
this.rm = container.getSecurityManager(RealmMapping.class);
+ this.ejbContextHelper = new EJBContextHelper();
+
}
protected T getContainer()
@@ -136,70 +130,19 @@
{
throw new IllegalStateException("deprecated");
}
-
- /*public Principal getCallerPrincipal()
- {
- Principal principal = null;
-
- RunAsIdentity runAsIdentity = SecurityActions.peekRunAsIdentity(1);
-
- principal = SecurityAssociation.getCallerPrincipal();
-
- if (getRm() != null)
- {
- principal = getRm().getPrincipal(principal);
- }
-
- // This method never returns null.
- if (principal == null)
- throw new java.lang.IllegalStateException("No valid security context for the caller identity");
-
- return principal;
- }
-*/
+ /**
+ * @see EJBContext#getCallerPrincipal()
+ */
public Principal getCallerPrincipal()
{
if(beanPrincipal == null)
{
EJBContainer ec = (EJBContainer) container;
-
- Principal callerPrincipal = null;
-
- RealmMapping rm = container.getSecurityManager(RealmMapping.class);
-
- SecurityContext sc = SecurityActions.getSecurityContext();
- if(sc == null)
- {
- SecurityDomain domain =(SecurityDomain)ec.resolveAnnotation(SecurityDomain.class);
- String unauth = domain.unauthenticatedPrincipal();
- if(unauth != null && unauth.length() > 0)
- if(domain.unauthenticatedPrincipal() != null)
- callerPrincipal = new SimplePrincipal(unauth);
- }
- else
- {
- AuthorizationHelper helper = new AuthorizationHelper(sc);
- callerPrincipal = helper.getCallerPrincipal(rm);
- }
-
- if(callerPrincipal == null)
- {
- //try the incoming principal
- callerPrincipal = sc.getUtil().getUserPrincipal();
- if(rm != null)
- callerPrincipal = rm.getPrincipal(callerPrincipal);
- }
-
- if(callerPrincipal == null)
- {
- SecurityDomain domain =(SecurityDomain)ec.resolveAnnotation(SecurityDomain.class);
- String unauth = domain.unauthenticatedPrincipal();
- if(unauth != null && unauth.length() > 0)
- if(domain.unauthenticatedPrincipal() != null)
- callerPrincipal = new SimplePrincipal(unauth);
- }
-
+ SecurityDomain domain = ec.getAnnotation(SecurityDomain.class);
+ Principal callerPrincipal = ejbContextHelper.getCallerPrincipal(SecurityActions.getSecurityContext(),
+ rm, domain);
+
// This method never returns null.
if (callerPrincipal == null)
throw new java.lang.IllegalStateException("No valid security context for the caller identity");
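Review bot: `getCallerPrincipal()` now hands `SecurityActions.getSecurityContext()`, the `rm` field and the result of `ec.getAnnotation(SecurityDomain.class)` to `EJBContextHelper` without checking any of them, while the removed code handled a null security context itself, looked `rm` up from the container on each call and used `resolveAnnotation`. `EJBContextHelper` is not visible in this hunk, so it should be confirmed that it tolerates a null context, a null `rm` (the field is `transient`) and a null `domain`, and that `getAnnotation` sees the same overrides as `resolveAnnotation`. The same applies to `isCallerInRole()` in the following hunk, where the removed code created a security context from `domain.value()` when none was present. A short comment at each call stating which arguments may be null would make the contract with the helper explicit. The method body continues past the end of the hunk.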
@@ -216,44 +159,18 @@
throw new IllegalStateException("deprecated");
}
+ /**
+ * @see EJBContext#isCallerInRole(String)
+ */
public boolean isCallerInRole(String roleName)
{
- EJBContainer ejbc = (EJBContainer)container;
- SecurityContext sc = SecurityActions.getSecurityContext();
- if(sc == null)
- {
- SecurityDomain domain =(SecurityDomain)ejbc.resolveAnnotation(SecurityDomain.class);
- try
- {
- sc = SecurityActions.createSecurityContext(domain.value());
- }
- catch (PrivilegedActionException e)
- {
- throw new RuntimeException(e);
- }
- }
- // TODO: this is to slow
- Set<SecurityRoleRefMetaData> roleRefs = new HashSet<SecurityRoleRefMetaData>();
- JBossEnterpriseBeanMetaData eb = ejbc.getXml();
- if(eb != null)
- {
- Collection<SecurityRoleRefMetaData> srf = eb.getSecurityRoleRefs();
- if(srf != null)
- roleRefs.addAll(srf);
- }
-
- //TODO: Get rid of this conversion asap
- Set<SecurityRoleRef> srset = new HashSet<SecurityRoleRef>();
- for(SecurityRoleRefMetaData srmd: roleRefs)
- {
- srset.add(new SecurityRoleRef(srmd.getRoleName(),srmd.getRoleLink(),null));
- }
- Principal principal = getCallerPrincipal();
- AuthorizationHelper helper = new AuthorizationHelper(sc);
- return helper.isCallerInRole(roleName,
- ejbc.getEjbName(),
- principal,
- srset);
+ EJBContainer ejbc = (EJBContainer)container;
+ return ejbContextHelper.isCallerInRole(SecurityActions.getSecurityContext(),
+ ejbc.getAnnotation(SecurityDomain.class),
+ rm,
+ ejbc.getXml(),
+ roleName,
+ ejbc.getEjbName());
}
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/SecurityActions.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/SecurityActions.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/SecurityActions.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -138,26 +138,26 @@
return previousID;
}
- public static RunAsIdentity peekRunAsIdentity(int depth)
+ static RunAsIdentity peekRunAsIdentity(int depth)
{
PrivilegedAction action = new PeekRunAsRoleAction(depth);
RunAsIdentity principal = (RunAsIdentity) AccessController.doPrivileged(action);
return principal;
}
- public static Subject getActiveSubject()
+ static Subject getActiveSubject()
{
Subject subject = (Subject) AccessController.doPrivileged(GetSubjectAction.ACTION);
return subject;
}
- public static void pushRunAsIdentity(RunAsIdentity runAsIdentity)
+ static void pushRunAsIdentity(RunAsIdentity runAsIdentity)
{
PrivilegedAction action = new PushRunAsIdentityAction(runAsIdentity);
AccessController.doPrivileged(action);
}
- public static void pushRunAs(final RunAsIdentity runAsIdentity)
+ static void pushRunAs(final RunAsIdentity runAsIdentity)
{
AccessController.doPrivileged(new PrivilegedAction()
{
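Review bot: The methods narrowed from `public` to package-private in this file (`peekRunAsIdentity`, `getActiveSubject`, `pushRunAsIdentity` and `pushRunAs` here; `getSecurityContext`, `popRunAsIdentity`, `popRunAs` and `createSecurityContext` in the later hunks) carry no comment saying why, so a later change could widen them again. Each wraps `AccessController.doPrivileged`, so a public entry point would let any caller run the action with this class's permissions; a class-level comment such as `// Privileged-action wrappers: keep package-private, never expose outside org.jboss.ejb3` would record that. Only `createSecurityContext` was moved to the generic `PrivilegedExceptionAction<SecurityContext>`; the others still use the raw `PrivilegedAction` with a cast. `pushRunAs` continues beyond the hunk.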
@@ -170,7 +170,7 @@
});
}
- public static SecurityContext getSecurityContext()
+ static SecurityContext getSecurityContext()
{
return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction()
{
@@ -183,12 +183,12 @@
});
}
- public static RunAsIdentity popRunAsIdentity()
+ static RunAsIdentity popRunAsIdentity()
{
return (RunAsIdentity)AccessController.doPrivileged(PopRunAsIdentityAction.ACTION);
}
- public static RunAsIdentity popRunAs()
+ static RunAsIdentity popRunAs()
{
return (RunAsIdentity)AccessController.doPrivileged(new PrivilegedAction()
{
@@ -315,13 +315,13 @@
void setContextClassLoader(Thread thread, ClassLoader cl);
}
- public static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException
+ static SecurityContext createSecurityContext(final String securityDomain) throws PrivilegedActionException
{
- return (SecurityContext) AccessController.doPrivileged(new PrivilegedExceptionAction()
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
{
- public Object run() throws Exception
+ public SecurityContext run() throws Exception
{
return SecurityContextFactory.createSecurityContext(securityDomain);
}});
}
-}
+}
\ No newline at end of file
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/proxy/factory/BaseSessionProxyFactory.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/proxy/factory/BaseSessionProxyFactory.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/proxy/factory/BaseSessionProxyFactory.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -49,7 +49,6 @@
import org.jboss.ejb3.SpecificationInterfaceType;
import org.jboss.ejb3.annotation.RemoteBinding;
import org.jboss.ejb3.proxy.JBossProxy;
-import org.jboss.ejb3.proxy.ProxyFactory;
import org.jboss.ejb3.proxy.handler.BaseSessionRemoteProxyInvocationHandler;
import org.jboss.ejb3.proxy.impl.EJBMetaDataImpl;
import org.jboss.ejb3.proxy.impl.HomeHandleImpl;
@@ -65,7 +64,7 @@
* @author <a href="mailto:bdecoste at jboss.com">William DeCoste</a>
* @version $Revision$
*/
-public abstract class BaseSessionProxyFactory implements ProxyFactory, Externalizable
+public abstract class BaseSessionProxyFactory implements SessionProxyFactory, Externalizable
{
@SuppressWarnings("unused")
private static final Logger log = Logger.getLogger(BaseSessionProxyFactory.class);
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -32,11 +32,12 @@
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.ejb3.security.helpers.AuthenticationHelper;
import org.jboss.logging.Logger;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityUtil;
+import org.jboss.security.javaee.EJBAuthenticationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
/**
* Authentication Interceptor
@@ -116,7 +117,15 @@
sc.setSecurityManagement(getSecurityManagement());
//Check if there is a RunAs configured and can be trusted
- AuthenticationHelper helper = new AuthenticationHelper(sc);
+ EJBAuthenticationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
boolean trustedCaller = helper.isTrusted();
if(!trustedCaller)
{
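Review bot: The `catch(Exception e)` around `SecurityHelperFactory.getEJBAuthenticationHelper(sc)` rethrows a bare `RuntimeException` with no message, so a failure to build the authentication helper reaches the caller and the logs without saying what was being set up. The invocation still fails closed, which is right, but `throw new RuntimeException("Cannot create EJBAuthenticationHelper for the current security context", e);` would make the failure diagnosable, and the catch could be narrowed once the factory's declared exceptions are known. The same pattern is added around `getEJBAuthorizationHelper(sc)` in RoleBasedAuthorizationInterceptorv2. The enclosing method starts and ends outside the hunk.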
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RoleBasedAuthorizationInterceptorv2.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -40,7 +40,6 @@
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.ejb3.security.helpers.AuthorizationHelper;
import org.jboss.logging.Logger;
import org.jboss.metadata.ejb.jboss.JBossAssemblyDescriptorMetaData;
import org.jboss.remoting.InvokerLocator;
@@ -49,7 +48,10 @@
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRolesAssociation;
-import org.jboss.security.SimplePrincipal;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
/**
* The RoleBasedAuthorizationInterceptor checks that the caller principal is
@@ -175,7 +177,15 @@
RunAs callerRunAs = SecurityActions.peekRunAs();
- AuthorizationHelper helper = new AuthorizationHelper(sc);
+ AbstractEJBAuthorizationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
boolean isAuthorized = helper.authorize(ejbName,
mi.getMethod(),
sc.getUtil().getUserPrincipal(),
@@ -183,7 +193,8 @@
ejbCS,
sc.getUtil().getSubject(),
callerRunAs,
- methodRoles);
+ contextID,
+ new SimpleRoleGroup(methodRoles));
if(!isAuthorized)
throw new EJBAccessException("Caller unauthorized");
}
@@ -201,4 +212,4 @@
{
return getClass().getName();
}
-}
+}
\ No newline at end of file
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -24,8 +24,7 @@
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.ejb3.EJBContainer;
-import org.jboss.ejb3.SecurityActions;
+import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;
import org.jboss.security.RunAsIdentity;
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/security/SecurityActions.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -404,4 +404,18 @@
}
});
}
+
+ static RunAsIdentity popRunAs()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<RunAsIdentity>()
+ {
+ public RunAsIdentity run()
+ {
+ SecurityContext sc = getSecurityContext();
+ RunAsIdentity ra = (RunAsIdentity) sc.getOutgoingRunAs();
+ sc.setOutgoingRunAs(null);
+ return ra;
+ }
+ });
+ }
}
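Review bot: `popRunAs()` dereferences the result of `getSecurityContext()` without a null check, so a call on a thread with no security context throws a `NullPointerException` from inside the privileged action; a guard such as `if (sc == null) return null;` before `sc.getOutgoingRunAs()` avoids that. `getSecurityContext()` is not visible in this hunk, so whether it can return null should be confirmed; the code removed from EJBContextImpl in this revision did null-check the equivalent accessor in `org.jboss.ejb3.SecurityActions`. The cast `(RunAsIdentity) sc.getOutgoingRunAs()` also assumes the outgoing run-as is always a `RunAsIdentity`. The method sets the outgoing run-as to null rather than restoring an earlier value, which a one-line Javadoc should state, since the name suggests a stack.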
Modified: projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/stateful/StatefulLocalProxyFactory.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/stateful/StatefulLocalProxyFactory.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/core/src/main/java/org/jboss/ejb3/stateful/StatefulLocalProxyFactory.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -168,6 +168,11 @@
Object id = getContainer().createSession();
return this.createProxyEjb21(id, businessInterfaceType);
}
+
+ public Object createProxyBusiness(String businessInterfaceType)
+ {
+ return this.createProxyBusiness(null, businessInterfaceType);
+ }
public Object createProxyBusiness(Object id)
{
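Review bot: The new `createProxyBusiness(String businessInterfaceType)` overload sits beside the existing `createProxyBusiness(Object id)`, so any call site that passes a session id typed as `String` now binds to the new method, and the value is treated as an interface name with a null id. It also passes `null` as the id, whereas the EJB 2.1 method just above first calls `getContainer().createSession()`; if a stateful business proxy needs a session at this point, the id should be created the same way. Neither behaviour is documented: a Javadoc line stating that the argument is the business interface type and that no session is created here would prevent misuse. `createProxyBusiness(Object id)` continues outside the hunk.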
Modified: projects/ejb3/dev/ejbthree1269/pom.xml
===================================================================
--- projects/ejb3/dev/ejbthree1269/pom.xml 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/pom.xml 2008-04-22 15:28:27 UTC (rev 72576)
@@ -48,6 +48,7 @@
<module>pool</module>
<!-- module>sandbox</module -->
<module>security</module>
+ <module>transactions</module>
</modules>
<profiles>
Modified: projects/ejb3/dev/ejbthree1269/security/.classpath
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/.classpath 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/security/.classpath 2008-04-22 15:28:27 UTC (rev 72576)
@@ -1,49 +1,50 @@
-<classpath>
- <classpathentry kind="src" path="src/main/java"/>
- <classpathentry kind="src" path="src/main/resources" excluding="**/*.java"/>
- <classpathentry kind="src" path="src/test/java" output="eclipse-target/tests-classes"/>
- <classpathentry kind="src" path="src/test/resources" output="eclipse-target/tests-classes" excluding="**/*.java"/>
- <classpathentry kind="output" path="eclipse-target/classes"/>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
- <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA.jar" sourcepath="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR7/jboss-aop-2.0.0.CR7.jar" sourcepath="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR7/jboss-aop-2.0.0.CR7-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar" sourcepath="M2_REPO/ant/ant/1.6.5/ant-1.6.5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.6.0.GA/javassist-3.6.0.GA.jar" sourcepath="M2_REPO/org/jboss/javassist/3.6.0.GA/javassist-3.6.0.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta9/jboss-container-2.0.0.Beta9.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta9/jboss-container-2.0.0.Beta9-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar" sourcepath="M2_REPO/javax/activation/activation/1.1/activation-1.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA.jar" sourcepath="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar" sourcepath="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/qdox/qdox/1.6/qdox-1.6.jar" sourcepath="M2_REPO/qdox/qdox/1.6/qdox-1.6-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/trove/trove/1.0.2/trove-1.0.2.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3-sources.jar">
- <attributes>
- <attribute value="jar:file://home/carlo/.m2/repository/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3-javadoc.jar!/" name="javadoc_location"/>
- </attributes>
- </classpathentry>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-ejb-api/3.0.0.Beta3Update1/jboss-ejb-api-3.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-ejb-api/3.0.0.Beta3Update1/jboss-ejb-api-3.0.0.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/jboss/jbossws/jboss-jaxrpc/1.0.4.GA/jboss-jaxrpc-1.0.4.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api-impl/0.3-SNAPSHOT/jboss-ejb3-ext-api-impl-0.3-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api-impl/0.3-SNAPSHOT/jboss-ejb3-ext-api-impl-0.3-SNAPSHOT-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-metadata/0.12.1/jboss-ejb3-metadata-0.12.1.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-metadata/0.12.1/jboss-ejb3-metadata-0.12.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/metadata/jboss-metadata/1.0.0.Beta7/jboss-metadata-1.0.0.Beta7.jar" sourcepath="M2_REPO/org/jboss/metadata/jboss-metadata/1.0.0.Beta7/jboss-metadata-1.0.0.Beta7-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta10/jboss-vfs-2.0.0.Beta10.jar" sourcepath="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta10/jboss-vfs-2.0.0.Beta10-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar" sourcepath="M2_REPO/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar" sourcepath="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-jaxws/2.0.1.GA/jboss-jaxws-2.0.1.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.0.2.GA/jbossws-spi-1.0.2.GA.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3Update1/jboss-javaee-5.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3Update1/jboss-javaee-5.0.0.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-log4j/2.0.5.GA/jboss-logging-log4j-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-log4j/2.0.5.GA/jboss-logging-log4j-2.0.5.GA-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta11/jboss-reflect-2.0.0.Beta11.jar" sourcepath="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta11/jboss-reflect-2.0.0.Beta11-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5-sources.jar"/>
- <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5-sources.jar"/>
-</classpath>
\ No newline at end of file
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**/*.java" kind="src" path="src/main/resources"/>
+ <classpathentry kind="src" output="target/tests-classes" path="src/test/java"/>
+ <classpathentry excluding="**/*.java" kind="src" output="target/tests-classes" path="src/test/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="var" path="M2_REPO/junit/junit/4.4/junit-4.4.jar" sourcepath="M2_REPO/junit/junit/4.4/junit-4.4-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA.jar" sourcepath="M2_REPO/org/jboss/jboss-common-core/2.2.5.GA/jboss-common-core-2.2.5.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-spi/2.0.5.GA/jboss-logging-spi-2.0.5.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR7/jboss-aop-2.0.0.CR7.jar" sourcepath="M2_REPO/org/jboss/aop/jboss-aop/2.0.0.CR7/jboss-aop-2.0.0.CR7-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/ant/ant/1.6.5/ant-1.6.5.jar" sourcepath="M2_REPO/ant/ant/1.6.5/ant-1.6.5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xml-apis/2.7.1/xml-apis-2.7.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javassist/3.6.0.GA/javassist-3.6.0.GA.jar" sourcepath="M2_REPO/org/jboss/javassist/3.6.0.GA/javassist-3.6.0.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta9/jboss-container-2.0.0.Beta9.jar" sourcepath="M2_REPO/org/jboss/microcontainer/jboss-container/2.0.0.Beta9/jboss-container-2.0.0.Beta9-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8.jar" sourcepath="M2_REPO/org/jboss/jbossxb/2.0.0.CR8/jbossxb-2.0.0.CR8-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/wutka-dtdparser/dtdparser121/1.2.1/dtdparser121-1.2.1.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar" sourcepath="M2_REPO/javax/activation/activation/1.1/activation-1.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA.jar" sourcepath="M2_REPO/jboss/jboss-logging-spi/2.0.3.GA/jboss-logging-spi-2.0.3.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA.jar" sourcepath="M2_REPO/jboss/jboss-common-logging-spi/2.0.4.GA/jboss-common-logging-spi-2.0.4.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/qdox/qdox/1.6/qdox-1.6.jar" sourcepath="M2_REPO/qdox/qdox/1.6/qdox-1.6-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/trove/trove/1.0.2/trove-1.0.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3-sources.jar">
+ <attributes>
+ <attribute name="javadoc_location" value="jar:file://home/carlo/.m2/repository/org/jboss/ejb3/jboss-ejb3-ext-api/0.3/jboss-ejb3-ext-api-0.3-javadoc.jar!/"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-ejb-api/3.0.0.Beta3Update1/jboss-ejb-api-3.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-ejb-api/3.0.0.Beta3Update1/jboss-ejb-api-3.0.0.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-transaction-api/1.0.1.Beta3Update1/jboss-transaction-api-1.0.1.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/jboss/jbossws/jboss-jaxrpc/1.0.4.GA/jboss-jaxrpc-1.0.4.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api-impl/0.3-SNAPSHOT/jboss-ejb3-ext-api-impl-0.3-SNAPSHOT.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-ext-api-impl/0.3-SNAPSHOT/jboss-ejb3-ext-api-impl-0.3-SNAPSHOT-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ejb3/jboss-ejb3-metadata/0.12.1/jboss-ejb3-metadata-0.12.1.jar" sourcepath="M2_REPO/org/jboss/ejb3/jboss-ejb3-metadata/0.12.1/jboss-ejb3-metadata-0.12.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/metadata/jboss-metadata/1.0.0.Beta7/jboss-metadata-1.0.0.Beta7.jar" sourcepath="M2_REPO/org/jboss/metadata/jboss-metadata/1.0.0.Beta7/jboss-metadata-1.0.0.Beta7-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta10/jboss-vfs-2.0.0.Beta10.jar" sourcepath="M2_REPO/org/jboss/jboss-vfs/2.0.0.Beta10/jboss-vfs-2.0.0.Beta10-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar" sourcepath="M2_REPO/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar" sourcepath="M2_REPO/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-jaxws/2.0.1.GA/jboss-jaxws-2.0.1.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/ws/jbossws-spi/1.0.2.GA/jbossws-spi-1.0.2.GA.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3Update1/jboss-javaee-5.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-javaee/5.0.0.Beta3Update1/jboss-javaee-5.0.0.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jacc-api/1.1.0.Beta3Update1/jboss-jacc-api-1.1.0.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-servlet-api/2.5.0.Beta3Update1/jboss-servlet-api-2.5.0.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1.jar" sourcepath="M2_REPO/org/jboss/javaee/jboss-jaspi-api/1.0.0.Beta3Update1/jboss-jaspi-api-1.0.0.Beta3Update1-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/logging/jboss-logging-log4j/2.0.5.GA/jboss-logging-log4j-2.0.5.GA.jar" sourcepath="M2_REPO/org/jboss/logging/jboss-logging-log4j/2.0.5.GA/jboss-logging-log4j-2.0.5.GA-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14.jar" sourcepath="M2_REPO/apache-log4j/log4j/1.2.14/log4j-1.2.14-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta11/jboss-reflect-2.0.0.Beta11.jar" sourcepath="M2_REPO/org/jboss/jboss-reflect/2.0.0.Beta11/jboss-reflect-2.0.0.Beta11-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta6/jboss-security-spi-2.0.2.Beta6.jar" sourcepath="M2_REPO/org/jboss/security/jboss-security-spi/2.0.2.Beta5/jboss-security-spi-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta6/jbosssx-2.0.2.Beta6.jar" sourcepath="M2_REPO/org/jboss/security/jbosssx/2.0.2.Beta5/jbosssx-2.0.2.Beta5-sources.jar"/>
+ <classpathentry kind="output" path="target/eclipse-classes"/>
+</classpath>
Modified: projects/ejb3/dev/ejbthree1269/security/pom.xml
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/pom.xml 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/security/pom.xml 2008-04-22 15:28:27 UTC (rev 72576)
@@ -29,14 +29,14 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-security-spi</artifactId>
- <version>2.0.2.Beta5</version>
+ <version>2.0.2.Beta6</version>
</dependency>
<!-- JBoss Security Impl -->
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbosssx</artifactId>
- <version>2.0.2.Beta5</version>
+ <version>2.0.2.Beta6</version>
</dependency>
<!-- EJB3 API -->
Deleted: projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthenticationHelper.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -1,100 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security.helpers;
-
-import java.security.Principal;
-import java.util.Map;
-
-import javax.security.auth.Subject;
-
-import org.jboss.security.SecurityContext;
-import org.jboss.security.audit.AuditLevel;
-import org.jboss.security.identitytrust.IdentityTrustException;
-import org.jboss.security.identitytrust.IdentityTrustManager;
-import org.jboss.security.identitytrust.IdentityTrustManager.TrustDecision;
-
-/**
- * Authentication Helper
- * @author Anil.Saldhana at redhat.com
- * @since Apr 16, 2008
- * @version $Revision$
- */
-public class AuthenticationHelper extends SecurityHelper
-{
- public AuthenticationHelper(SecurityContext sc)
- {
- super(sc);
- }
-
- public boolean isTrusted() throws IdentityTrustException
- {
- TrustDecision td = TrustDecision.NotApplicable;
- IdentityTrustManager itm = securityContext.getIdentityTrustManager();
- if(itm != null)
- {
- td = itm.isTrusted(securityContext);
- if(td == TrustDecision.Deny)
- throw new IdentityTrustException("Caller denied by identity trust framework");
- }
- return td == TrustDecision.Permit;
- }
-
- /**
- * Authenticate the caller
- * @param p
- * @param cred
- * @return
- */
- public boolean isValid(Subject subject, String methodName)
- {
- Principal p = securityContext.getUtil().getUserPrincipal();
- Object cred = securityContext.getUtil().getCredential();
-
- Map<String,Object> cMap = getContextMap(p, methodName);
-
- boolean auth = securityContext.getAuthenticationManager().isValid(p, cred, subject);
- if(auth == false)
- {
- // Check for the security association exception
- Exception ex = SecurityActions.getContextException();
- audit(AuditLevel.ERROR, cMap ,ex);
- if(ex == null)
- {
- audit(AuditLevel.FAILURE,cMap,null);
- }
- }
- else
- {
- audit(AuditLevel.SUCCESS,cMap,null);
- }
- return auth;
- }
-
- /**
- * Push the authenticated subject onto the security context
- * IMPORTANT - this needs to be done after the isValid call
- */
- public void pushSubjectContext(Subject subject)
- {
- securityContext.getSubjectInfo().setAuthenticatedSubject(subject);
- }
-}
\ No newline at end of file
Deleted: projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/AuthorizationHelper.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -1,196 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source
- * Copyright 2007, JBoss Inc., and individual contributors as indicated
- * by the @authors tag. See the copyright.txt in the distribution for a
- * full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.ejb3.security.helpers;
-
-import java.lang.reflect.Method;
-import java.security.CodeSource;
-import java.security.Principal;
-import java.util.HashMap;
-import java.util.Set;
-
-import javax.security.auth.Subject;
-import javax.security.jacc.PolicyContext;
-
-import org.jboss.security.AuthorizationManager;
-import org.jboss.security.RealmMapping;
-import org.jboss.security.RunAs;
-import org.jboss.security.SecurityContext;
-import org.jboss.security.SecurityRoleRef;
-import org.jboss.security.audit.AuditLevel;
-import org.jboss.security.authorization.AuthorizationContext;
-import org.jboss.security.authorization.ResourceKeys;
-import org.jboss.security.authorization.resources.EJBResource;
-import org.jboss.security.callbacks.SecurityContextCallbackHandler;
-import org.jboss.security.identity.RoleGroup;
-import org.jboss.security.identity.plugins.SimpleRoleGroup;
-
-/**
- * Authorization Helper
- * @author Anil.Saldhana at redhat.com
- * @since Apr 16, 2008
- * @version $Revision$
- */
-public class AuthorizationHelper extends SecurityHelper
-{
- public AuthorizationHelper(SecurityContext sc)
- {
- super(sc);
- }
-
- /**
- * Authorize an EJB Invocation
- * @param ejbName Name of the EJB
- * @param ejbMethod EJB Method
- * @param ejbPrincipal Calling Principal
- * @param invocationInterfaceString Invocation String("remote", "local")
- * @param ejbCS EJB CodeSource
- * @param callerSubject Authenticated Caller Subject
- * @param callerRunAs Configured RunAs for the caller
- * @param methodRoles a set of Principal objects authorized for the method
- * @return true - if caller is authorized
- */
- public boolean authorize(String ejbName,
- Method ejbMethod,
- Principal ejbPrincipal,
- String invocationInterfaceString,
- CodeSource ejbCS,
- Subject callerSubject,
- RunAs callerRunAs,
- Set<Principal> methodRoles )
- {
- AuthorizationManager am = securityContext.getAuthorizationManager();
-
- HashMap<String,Object> map = new HashMap<String,Object>();
- map.put(ResourceKeys.POLICY_REGISTRATION, am);
-
- String contextID = PolicyContext.getContextID();
- if(contextID == null)
- throw new IllegalStateException("ContextID is null");
-
- EJBResource ejbResource = new EJBResource(map);
- ejbResource.setPolicyContextID(contextID);
- ejbResource.setCallerRunAsIdentity(callerRunAs);
- ejbResource.setEjbName(ejbName);
- ejbResource.setEjbMethod(ejbMethod);
- ejbResource.setPrincipal(ejbPrincipal);
- ejbResource.setEjbMethodInterface(invocationInterfaceString);
- ejbResource.setCodeSource(ejbCS);
- ejbResource.setCallerRunAsIdentity(callerRunAs);
- ejbResource.setCallerSubject(callerSubject);
- //ejbResource.setMethodRoles(methodRoles);
- ejbResource.setEjbMethodRoles(new SimpleRoleGroup(methodRoles));
-
- SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
- RoleGroup callerRoles = am.getSubjectRoles(callerSubject, sch);
-
- boolean isAuthorized = false;
- try
- {
- int check = am.authorize(ejbResource, callerSubject, callerRoles);
- isAuthorized = (check == AuthorizationContext.PERMIT);
- authorizationAudit((isAuthorized ? AuditLevel.SUCCESS : AuditLevel.FAILURE)
- ,ejbResource, null);
- }
- catch (Exception e)
- {
- isAuthorized = false;
- if(log.isTraceEnabled())
- log.trace("Error in authorization:",e);
- authorizationAudit(AuditLevel.ERROR,ejbResource,e);
- }
-
- return isAuthorized;
- }
-
- public Principal getCallerPrincipal(RealmMapping rm)
- {
- /* Get the run-as user or authenticated user. The run-as user is
- returned before any authenticated user.
- */
- Principal caller = SecurityActions.getCallerPrincipal(securityContext);
-
- /* Apply any domain caller mapping. This should really only be
- done for non-run-as callers.
- */
- if (rm != null)
- caller = rm.getPrincipal(caller);
- return caller;
- }
-
- public boolean isCallerInRole(String roleName,String ejbName, Principal ejbPrincipal,
- Set<SecurityRoleRef> securityRoleRefs )
- {
- boolean isAuthorized = false;
- AuthorizationManager am = securityContext.getAuthorizationManager();
-
- if(am == null)
- throw new IllegalStateException("AuthorizationManager is null");
-
- HashMap<String,Object> map = new HashMap<String,Object>();
-
- map.put(ResourceKeys.POLICY_REGISTRATION,am);
- map.put(ResourceKeys.ROLENAME, roleName);
- map.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
-
-
- EJBResource ejbResource = new EJBResource(map);
- ejbResource.setPolicyContextID(PolicyContext.getContextID());
-
- RunAs callerRunAs = securityContext.getIncomingRunAs();
-
- ejbResource.setEjbName(ejbName);
- ejbResource.setPrincipal(ejbPrincipal);
- ejbResource.setCallerRunAsIdentity(callerRunAs);
- ejbResource.setSecurityRoleReferences(securityRoleRefs);
-
- //Get the authenticated subject
- Subject subject = null;
- try
- {
- subject = SecurityActions.getActiveSubject();
- }
- catch( Exception e)
- {
- log.trace("Exception in getting subject:",e);
- subject = securityContext.getUtil().getSubject();
- }
-
- ejbResource.setCallerSubject(subject);
- SecurityContextCallbackHandler sch = new SecurityContextCallbackHandler(this.securityContext);
- RoleGroup callerRoles = am.getSubjectRoles(subject, sch);
-
- try
- {
- int check = am.authorize(ejbResource, subject, callerRoles);
- isAuthorized = (check == AuthorizationContext.PERMIT);
- }
- catch (Exception e)
- {
- isAuthorized = false;
- if(log.isTraceEnabled())
- log.trace(roleName + "::isCallerInRole check failed:"+e.getLocalizedMessage());
- authorizationAudit(AuditLevel.ERROR,ejbResource,e);
- }
- return isAuthorized;
- }
-
-}
\ No newline at end of file
Copied: projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java (from rev 72575, projects/ejb3/trunk/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java)
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java (rev 0)
+++ projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/EJBContextHelper.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -0,0 +1,186 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.security.helpers;
+
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+import javax.security.jacc.PolicyContext;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
+import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SimplePrincipal;
+import org.jboss.security.authorization.PolicyRegistration;
+import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
+import org.jboss.security.javaee.SecurityHelperFactory;
+import org.jboss.security.javaee.SecurityRoleRef;
+
+/**
+ * Helper class with programmatic
+ * security methods in EJBContext
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 17, 2008
+ * @version $Revision$
+ */
+public class EJBContextHelper
+{
+ public Principal getCallerPrincipal(SecurityContext sc,
+ RealmMapping rm, SecurityDomain domain)
+ {
+ Principal callerPrincipal = null;
+
+ if(sc == null)
+ {
+ String unauth = domain.unauthenticatedPrincipal();
+ if(unauth != null && unauth.length() > 0)
+ if(domain.unauthenticatedPrincipal() != null)
+ callerPrincipal = new SimplePrincipal(unauth);
+ }
+ else
+ {
+ AbstractEJBAuthorizationHelper helper;
+ try
+ {
+ helper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
+ helper.setPolicyRegistration(getPolicyRegistration());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ callerPrincipal = helper.getCallerPrincipal();
+ }
+
+ if(callerPrincipal == null)
+ {
+ //try the incoming principal
+ callerPrincipal = sc.getUtil().getUserPrincipal();
+ if(rm != null)
+ callerPrincipal = rm.getPrincipal(callerPrincipal);
+ }
+
+ if(callerPrincipal == null)
+ {
+ String unauth = domain.unauthenticatedPrincipal();
+ if(unauth != null && unauth.length() > 0)
+ if(domain.unauthenticatedPrincipal() != null)
+ callerPrincipal = new SimplePrincipal(unauth);
+ }
+ return callerPrincipal;
+ }
+
+ public boolean isCallerInRole(SecurityContext sc,
+ SecurityDomain domain,
+ RealmMapping rm,
+ JBossEnterpriseBeanMetaData eb,
+ String roleName,
+ String ejbName)
+ {
+ if(sc == null)
+ {
+ try
+ {
+ sc = SecurityActions.createSecurityContext(domain.value());
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ // TODO: this is too slow
+ Set<SecurityRoleRefMetaData> roleRefs = new HashSet<SecurityRoleRefMetaData>();
+ if(eb != null)
+ {
+ Collection<SecurityRoleRefMetaData> srf = eb.getSecurityRoleRefs();
+ if(srf != null)
+ roleRefs.addAll(srf);
+ }
+
+ //TODO: Get rid of this conversion asap
+ Set<SecurityRoleRef> srset = new HashSet<SecurityRoleRef>();
+ for(SecurityRoleRefMetaData srmd: roleRefs)
+ {
+ srset.add(new SecurityRoleRef(srmd.getRoleName(),srmd.getRoleLink(),null));
+ }
+ Principal principal = getCallerPrincipal(sc, rm, domain);
+ AbstractEJBAuthorizationHelper helper;
+ try
+ {
+ helper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
+ helper.setPolicyRegistration(getPolicyRegistration());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ Subject callerSubject = null;
+ try
+ {
+ callerSubject = SecurityActions.getActiveSubject();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return helper.isCallerInRole(roleName,
+ ejbName,
+ principal,
+ callerSubject,
+ this.getContextID(),
+ srset);
+ }
+
+ private PolicyRegistration getPolicyRegistration()
+ {
+ PolicyRegistration policyRegistration = null;
+ try
+ {
+ InitialContext ic = new InitialContext();
+ policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ return policyRegistration;
+ }
+
+ private String getContextID()
+ {
+ try
+ {
+ return PolicyContext.getContextID();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
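Review bot: In `getCallerPrincipal`, the `//try the incoming principal` fallback dereferences `sc` even on the path where `sc == null` and the domain has no unauthenticated principal configured, so that call fails with a NullPointerException instead of reaching the final fallback. Guarding it as `if(callerPrincipal == null && sc != null)` keeps the null-context path well defined. The inner `if(domain.unauthenticatedPrincipal() != null)` in both unauthenticated-principal blocks repeats a check already made on `unauth` and can be dropped. The realm mapping `rm.getPrincipal(...)` is now applied only on the fallback path, whereas the removed `AuthorizationHelper.getCallerPrincipal` applied it to the primary result. The mapping may be handled inside `AbstractEJBAuthorizationHelper`, which is not visible here, so this is worth confirming.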
Modified: projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java
===================================================================
--- projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java 2008-04-22 14:56:49 UTC (rev 72575)
+++ projects/ejb3/dev/ejbthree1269/security/src/main/java/org/jboss/ejb3/security/helpers/SecurityActions.java 2008-04-22 15:28:27 UTC (rev 72576)
@@ -34,6 +34,7 @@
import org.jboss.security.SecurityConstants;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
/**
@@ -43,8 +44,7 @@
* @version $Revision$
*/
class SecurityActions
-{
-
+{
static Principal getCallerPrincipal(final SecurityContext securityContext)
{
return AccessController.doPrivileged(new PrivilegedAction<Principal>()
@@ -101,4 +101,15 @@
}
});
}
+
+ static SecurityContext createSecurityContext(final String securityDomain)
+ throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
+ {
+ public SecurityContext run() throws Exception
+ {
+ return SecurityContextFactory.createSecurityContext(securityDomain);
+ }});
+ }
}
\ No newline at end of file
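Review bot: The new `createSecurityContext` has no comment recording that it calls `SecurityContextFactory.createSecurityContext` inside `doPrivileged`, i.e. with this library's permissions rather than those of the code on the call stack. A short Javadoc such as `/** Creates a SecurityContext for the given domain in a privileged block; keep package-private so application code cannot invoke it. */` would document why neither the class nor the method is public. The enclosing `SecurityActions` class starts outside this hunk, so its other privileged helpers could not be checked for the same gap.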