[jboss-cvs] JBossAS SVN: r81922 - projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Dec 1 15:39:01 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-12-01 15:39:01 -0500 (Mon, 01 Dec 2008)
New Revision: 81922
Modified:
projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractEJBAuthorizationHelper.java
projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java
projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/EJBAuthenticationHelper.java
Log:
SECURITY-336: sanitize inputs
Modified: projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractEJBAuthorizationHelper.java
===================================================================
--- projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractEJBAuthorizationHelper.java 2008-12-01 20:34:53 UTC (rev 81921)
+++ projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractEJBAuthorizationHelper.java 2008-12-01 20:39:01 UTC (rev 81922)
@@ -65,7 +65,9 @@
* @param callerRunAs
* @param contextID
* @param methodRoles
- * @return
+ * @return true - subject is authorized
+ * @throws IllegalStateException Authorization Manager from SecurityContext is null
+ * @throws IllegalArgumentException ejbName, ejbMethod, ejbCS, contextID is null
*/
public abstract boolean authorize(String ejbName,
Method ejbMethod,
@@ -85,7 +87,9 @@
* @param callerSubject
* @param contextID
* @param securityRoleRefs
- * @return
+ * @return true - caller is in the role
+ * @throws IllegalStateException Authorization Manager from SecurityContext is null
+ * @throws IllegalArgumentException roleName, ejbName, contextID is null
*/
public abstract boolean isCallerInRole(String roleName,
String ejbName,
@@ -105,7 +109,9 @@
* @param contextID
* @param securityRoleRefs
* @param enforceEJBRestrictions
- * @return
+ * @return true - caller is in the role
+ * @throws IllegalStateException Authorization Manager from SecurityContext is null
+ * @throws IllegalArgumentException roleName, ejbName, contextID is null
*/
public abstract boolean isCallerInRole(String roleName,
String ejbName,
Modified: projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java
===================================================================
--- projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java 2008-12-01 20:34:53 UTC (rev 81921)
+++ projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/AbstractWebAuthorizationHelper.java 2008-12-01 20:39:01 UTC (rev 81922)
@@ -50,6 +50,18 @@
this.enableAudit = enableAudit;
}
+ /**
+ * Validate that the caller has the permission to access a web resource
+ * @param contextMap
+ * @param request
+ * @param response
+ * @param callerSubject
+ * @param contextID
+ * @param canonicalRequestURI
+ * @return true - permitted
+ * @throws IllegalArgumentException request, response, callerSubject, contextID or canonicalRequestURI is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
public abstract boolean checkResourcePermission(
Map<String, Object> contextMap,
ServletRequest request,
@@ -58,6 +70,18 @@
String contextID,
String canonicalRequestURI);
+ /**
+ * Validate that the caller has the required role to access a resource
+ * @param roleName
+ * @param principal
+ * @param servletName
+ * @param principalRoles
+ * @param contextID
+ * @param callerSubject
+ * @return
+ * @throws IllegalArgumentException roleName, contextID, callerSubject is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
public abstract boolean hasRole(
String roleName,
Principal principal,
@@ -66,6 +90,17 @@
String contextID,
Subject callerSubject);
+ /**
+ * Validate whether the transport constraints are met by the caller
+ * @param contextMap
+ * @param request
+ * @param response
+ * @param contextID
+ * @param callerSubject
+ * @return
+ * @throws IllegalArgumentException request, response, callerSubject or contextID is null
+ * @throws IllegalStateException Authorization Manager from Security Context is null
+ */
public abstract boolean hasUserDataPermission(
Map<String,Object> contextMap,
ServletRequest request,
Modified: projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/EJBAuthenticationHelper.java
===================================================================
--- projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/EJBAuthenticationHelper.java 2008-12-01 20:34:53 UTC (rev 81921)
+++ projects/security/security-spi/trunk/spi/src/main/org/jboss/security/javaee/EJBAuthenticationHelper.java 2008-12-01 20:39:01 UTC (rev 81922)
@@ -47,6 +47,11 @@
this.securityContext = sc;
}
+ /**
+ * Whether the current caller can be trusted?
+ * @return true - trust the caller, false - otherwise
+ * @throws IdentityTrustException
+ */
public boolean isTrusted() throws IdentityTrustException
{
TrustDecision td = TrustDecision.NotApplicable;
@@ -65,9 +70,15 @@
* @param p
* @param cred
* @return
+ * @throws IllegalArgumentException subject or methodName is null
*/
public boolean isValid(Subject subject, String methodName)
{
+ if(subject == null)
+ throw new IllegalArgumentException("subject is null");
+ if(methodName == null)
+ throw new IllegalArgumentException("methodName is null");
+
Principal p = securityContext.getUtil().getUserPrincipal();
Object cred = securityContext.getUtil().getCredential();
More information about the jboss-cvs-commits
mailing list