[jboss-cvs] JBossAS SVN: r82440 - in projects/ejb3/trunk/core: src/main/java/org/jboss/ejb3 and 10 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Dec 19 08:22:45 EST 2008
Author: wolfc
Date: 2008-12-19 08:22:45 -0500 (Fri, 19 Dec 2008)
New Revision: 82440
Added:
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/security/
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/security/SimplePolicyRegistration.java
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredBean.java
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredLocal.java
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/unit/
projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/unit/AuthenticationInterceptorTestCase.java
projects/ejb3/trunk/core/src/test/java/org/jboss/security/
projects/ejb3/trunk/core/src/test/java/org/jboss/security/integration/
projects/ejb3/trunk/core/src/test/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java
projects/ejb3/trunk/core/src/test/resources/securitymanager-beans.xml
Modified:
projects/ejb3/trunk/core/pom.xml
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
Log:
EJBTHREE-1646: removed caching of callerPrincipal and always reset SecurityContext
Modified: projects/ejb3/trunk/core/pom.xml
===================================================================
--- projects/ejb3/trunk/core/pom.xml 2008-12-19 11:03:53 UTC (rev 82439)
+++ projects/ejb3/trunk/core/pom.xml 2008-12-19 13:22:45 UTC (rev 82440)
@@ -592,7 +592,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jboss-security-spi</artifactId>
- <version>2.0.2.CR5</version>
+ <version>2.0.2.SP2</version>
</dependency>
<dependency>
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-12-19 11:03:53 UTC (rev 82439)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/EJBContextImpl.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -58,9 +58,6 @@
protected B beanContext;
protected EJBContextHelper ejbContextHelper;
- /** Principal for the bean associated with the call **/
- private Principal beanPrincipal;
-
protected EJBContextImpl(B beanContext)
{
assert beanContext != null : "beanContext is null";
@@ -134,20 +131,16 @@
*/
public Principal getCallerPrincipal()
{
- if(beanPrincipal == null)
- {
- EJBContainer ec = (EJBContainer) container;
- SecurityDomain domain = ec.getAnnotation(SecurityDomain.class);
- Principal callerPrincipal = ejbContextHelper.getCallerPrincipal(SecurityActions.getSecurityContext(),
- rm, domain);
-
- // This method never returns null.
- if (callerPrincipal == null)
- throw new java.lang.IllegalStateException("No valid security context for the caller identity");
-
- beanPrincipal = callerPrincipal;
- }
- return beanPrincipal;
+ EJBContainer ec = (EJBContainer) container;
+ SecurityDomain domain = ec.getAnnotation(SecurityDomain.class);
+ Principal callerPrincipal = ejbContextHelper.getCallerPrincipal(SecurityActions.getSecurityContext(),
+ rm, domain);
+
+ // This method never returns null.
+ if (callerPrincipal == null)
+ throw new java.lang.IllegalStateException("No valid security context for the caller identity");
+
+ return callerPrincipal;
}
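Review bot: Nothing in getCallerPrincipal records why the principal is now resolved on every call, so the removed `beanPrincipal` cache could come back later as an optimisation. A comment above the lookup, such as `// Do not cache: the caller can differ between invocations on this context (EJBTHREE-1646)`, would make the intent explicit. That the same context serves different callers is inferred from the commit log, not visible in this hunk. The unbraced `if (callerPrincipal == null)` would also be safer with braces. The method's Javadoc starts above the hunk.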
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-12-19 11:03:53 UTC (rev 82439)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.security.AccessController;
+import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import javax.ejb.EJBAccessException;
@@ -79,108 +80,109 @@
return invocation.invokeNext();
SecurityContext prevSC = SecurityActions.getSecurityContext();
- SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context");
-
- SecurityDomain domain = container.getAnnotation(SecurityDomain.class);
-
- boolean domainExists = domain != null && domain.value() != null
- && domain.value().length() > 0;
-
- /**
- * TODO: Decide if you want to allow zero security based on non-availability
- * of a security domain, as per the configuration on the container
- */
- if(domainExists)
- {
- String domainValue = canonicalizeSecurityDomain(domain.value());
+ try
+ {
+ SecurityContext invSC = (SecurityContext) invocation.getMetaData("security","context");
- /* Need to establish the security context. For local calls, we pick the outgoing runas
- * of the existing sc. For remote calls, we create a new security context with the information
- * from the invocation sc
+ SecurityDomain domain = container.getAnnotation(SecurityDomain.class);
+
+ boolean domainExists = domain != null && domain.value() != null
+ && domain.value().length() > 0;
+
+ /**
+ * TODO: Decide if you want to allow zero security based on non-availability
+ * of a security domain, as per the configuration on the container
*/
- final SecurityContext sc = SecurityActions.createSecurityContext(domainValue);
-
- if(shelper.isLocalCall(mi))
- {
- if(prevSC == null)
- throw new IllegalStateException("Local Call: Security Context is null");
- populateSecurityContext(sc, prevSC);
- }
- else
- {
- //Remote Invocation
- if(invSC == null)
- throw new IllegalStateException("Remote Call: Invocation Security Context is null");
-
- populateSecurityContext(sc, invSC);
- }
-
- SecurityActions.setSecurityContext(sc);
+ if(domainExists)
+ {
+ String domainValue = canonicalizeSecurityDomain(domain.value());
- //TODO: Need to get the SecurityManagement instance
- AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- sc.setSecurityManagement(getSecurityManagement());
- return null;
- }
- });
-
-
- //Check if there is a RunAs configured and can be trusted
- EJBAuthenticationHelper helper = null;
- try
- {
- helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
- }
- catch(Exception e)
- {
- throw new RuntimeException(e);
- }
- boolean trustedCaller = hasIncomingRunAsIdentity(sc) || helper.isTrusted();
- if(!trustedCaller)
- {
- Subject subject = new Subject();
- /**
- * Special Case: Invocation has no principal set,
- * but an unauthenticatedPrincipal has been configured in JBoss DD
+ /* Need to establish the security context. For local calls, we pick the outgoing runas
+ * of the existing sc. For remote calls, we create a new security context with the information
+ * from the invocation sc
*/
- String unauthenticatedPrincipal = domain.unauthenticatedPrincipal();
- if(sc.getUtil().getUserPrincipal() == null && unauthenticatedPrincipal !=null &&
- unauthenticatedPrincipal.length() > 0)
+ final SecurityContext sc = SecurityActions.createSecurityContext(domainValue);
+
+ if(shelper.isLocalCall(mi))
{
- Identity unauthenticatedIdentity = new SimpleIdentity(unauthenticatedPrincipal);
- sc.getSubjectInfo().addIdentity(unauthenticatedIdentity);
- subject.getPrincipals().add(unauthenticatedIdentity.asPrincipal());
+ if(prevSC == null)
+ throw new IllegalStateException("Local Call: Security Context is null");
+ populateSecurityContext(sc, prevSC);
}
else
{
- //Authenticate the caller now
- if(!helper.isValid(subject, method.getName()))
- throw new EJBAccessException("Invalid User");
+ //Remote Invocation
+ if(invSC == null)
+ throw new IllegalStateException("Remote Call: Invocation Security Context is null");
+
+ populateSecurityContext(sc, invSC);
}
- helper.pushSubjectContext(subject);
+
+ SecurityActions.setSecurityContext(sc);
+
+ //TODO: Need to get the SecurityManagement instance
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ sc.setSecurityManagement(getSecurityManagement());
+ return null;
+ }
+ });
+
+
+ //Check if there is a RunAs configured and can be trusted
+ EJBAuthenticationHelper helper = null;
+ try
+ {
+ helper = SecurityHelperFactory.getEJBAuthenticationHelper(sc);
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ boolean trustedCaller = hasIncomingRunAsIdentity(sc) || helper.isTrusted();
+ if(!trustedCaller)
+ {
+ Subject subject = new Subject();
+ /**
+ * Special Case: Invocation has no principal set,
+ * but an unauthenticatedPrincipal has been configured in JBoss DD
+ */
+ Principal userPrincipal = sc.getUtil().getUserPrincipal();
+ String unauthenticatedPrincipal = domain.unauthenticatedPrincipal();
+ if(userPrincipal == null && unauthenticatedPrincipal !=null &&
+ unauthenticatedPrincipal.length() > 0)
+ {
+ Identity unauthenticatedIdentity = new SimpleIdentity(unauthenticatedPrincipal);
+ sc.getSubjectInfo().addIdentity(unauthenticatedIdentity);
+ subject.getPrincipals().add(unauthenticatedIdentity.asPrincipal());
+ }
+ else
+ {
+ //Authenticate the caller now
+ if(!helper.isValid(subject, method.getName()))
+ throw new EJBAccessException("Invalid User");
+ }
+ helper.pushSubjectContext(subject);
+ }
+ else
+ {
+ //Trusted caller. No need for authentication. Straight to authorization
+ }
}
else
- {
- //Trusted caller. No need for authentication. Straight to authorization
- }
- }
- else
- {
- //domain == null
- /**
- * Special Case when a bean with no security domain defined comes with a security
- * context attached.
- */
- if(invSC != null)
{
- SecurityActions.setSecurityContext(invSC);
+ //domain == null
+ /**
+ * Special Case when a bean with no security domain defined comes with a security
+ * context attached.
+ */
+ if(invSC != null)
+ {
+ SecurityActions.setSecurityContext(invSC);
+ }
}
- }
- try
- {
return invocation.invokeNext();
}
finally
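Review bot: With the set-up moved inside the `try`, the `finally` block now also runs on paths where `SecurityActions.setSecurityContext(sc)` and `helper.pushSubjectContext(subject)` were never reached, for example when the `IllegalStateException` for a null `prevSC` is thrown. The body of the `finally` and the start of the method lie outside this hunk, so confirm that the clean-up only restores `prevSC` and does not unconditionally pop a subject context this invocation did not push. In the no-domain branch the invocation's `invSC` is installed as it arrives; a comment such as `// no security domain: the invocation context is adopted without authentication` would spell out what the existing TODO only hints at. The empty trusted-caller `else` block could be reduced to a comment above `if(!trustedCaller)`.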
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/SimpleSecurityService.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,307 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.common;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Map;
+import java.util.Set;
+
+import javax.naming.InitialContext;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+
+import org.jboss.ejb3.NonSerializableFactory;
+import org.jboss.ejb3.core.test.common.security.SimplePolicyRegistration;
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.RealmMapping;
+import org.jboss.security.audit.AuditEvent;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.authorization.AuthorizationContext;
+import org.jboss.security.authorization.AuthorizationException;
+import org.jboss.security.authorization.EntitlementHolder;
+import org.jboss.security.authorization.Permission;
+import org.jboss.security.authorization.Resource;
+import org.jboss.security.authorization.resources.EJBResource;
+import org.jboss.security.identity.Identity;
+import org.jboss.security.identity.Role;
+import org.jboss.security.identity.RoleGroup;
+import org.jboss.security.identity.plugins.SimpleRole;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class SimpleSecurityService implements ISecurityManagement
+{
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = Logger.getLogger(SimpleSecurityService.class);
+
+ private InitialContext ctx;
+
+ public AuditManager getAuditManager(String securityDomain)
+ {
+ return new SimpleAuditManager(securityDomain);
+ }
+
+ public AuthenticationManager getAuthenticationManager(String securityDomain)
+ {
+ return new SimpleAuthenticationManager(securityDomain);
+ }
+
+ public AuthorizationManager getAuthorizationManager(String securityDomain)
+ {
+ return new SimpleAuthorizationManager(securityDomain);
+ }
+
+ public IdentityTrustManager getIdentityTrustManager(String securityDomain)
+ {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.ISecurityManagement#getMappingManager(java.lang.String)
+ */
+ public MappingManager getMappingManager(String securityDomain)
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+
+ public void start() throws Exception
+ {
+ ctx = new InitialContext();
+ ctx.bind("java:/policyRegistration", new SimplePolicyRegistration());
+ NonSerializableFactory.bind(ctx, "securityManagement", this);
+ NonSerializableFactory.bind(ctx, "java:/jaas/test", getAuthenticationManager("test"));
+ }
+
+ public void stop() throws Exception
+ {
+ ctx.close();
+ ctx = null;
+ }
+
+ private static abstract class AbstractManager
+ {
+ private String securityDomain;
+
+ private AbstractManager(String securityDomain)
+ {
+ assert securityDomain != null : "securityDomain is null";
+
+ this.securityDomain = securityDomain;
+ }
+
+ public final String getSecurityDomain()
+ {
+ return securityDomain;
+ }
+ }
+
+ private static class SimpleAuditManager extends AbstractManager implements AuditManager
+ {
+ private SimpleAuditManager(String securityDomain)
+ {
+ super(securityDomain);
+ }
+
+ public void audit(AuditEvent ae)
+ {
+ Exception e = ae.getUnderlyingException();
+ if(e != null)
+ log.warn("Authentication failed", e);
+ log.info(ae.toString());
+ }
+ }
+
+ private static class SimpleAuthenticationManager extends AbstractManager implements AuthenticationManager, RealmMapping
+ {
+ private SimpleAuthenticationManager(String securityDomain)
+ {
+ super(securityDomain);
+ }
+
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Subject getActiveSubject()
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Principal getPrincipal(Principal principal)
+ {
+ //throw new RuntimeException("NYI");
+ return principal;
+ }
+
+ public Principal getTargetPrincipal(Principal anotherDomainPrincipal, Map<String, Object> contextMap)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public Set<Principal> getUserRoles(Principal principal)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public boolean isValid(Principal principal, Object credential)
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public boolean isValid(Principal principal, Object credential, Subject activeSubject)
+ {
+ if(principal == null)
+ return false;
+ // TODO: almost everything is valid for now
+ if(principal.getName().startsWith("Invalid"))
+ return false;
+ activeSubject.getPrincipals().add(principal);
+ return true;
+ }
+ }
+
+ private static class SimpleAuthorizationManager extends AbstractManager implements AuthorizationManager
+ {
+ private SimpleAuthorizationManager(String securityDomain)
+ {
+ super(securityDomain);
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#authorize(org.jboss.security.authorization.Resource)
+ */
+ public int authorize(Resource resource) throws AuthorizationException
+ {
+ // TODO Auto-generated method stub
+ //return 0;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#authorize(org.jboss.security.authorization.Resource, javax.security.auth.Subject)
+ */
+ public int authorize(Resource resource, Subject subject) throws AuthorizationException
+ {
+ // TODO Auto-generated method stub
+ //return 0;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#authorize(org.jboss.security.authorization.Resource, org.jboss.security.identity.Identity, org.jboss.security.authorization.Permission)
+ */
+ public int authorize(Resource resource, Identity identity, Permission permission) throws AuthorizationException
+ {
+ // TODO Auto-generated method stub
+ //return 0;
+ throw new RuntimeException("NYI");
+ }
+
+ public int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException
+ {
+ log.debug("authorize " + resource + " " + subject + " " + role);
+ EJBResource ejbResource = (EJBResource) resource;
+ RoleGroup methodRoles = ejbResource.getEjbMethodRoles();
+ if(methodRoles == null)
+ return AuthorizationContext.PERMIT;
+ if(methodRoles.containsRole(SimpleRole.ANYBODY_ROLE))
+ return AuthorizationContext.PERMIT;
+ for(Principal p : subject.getPrincipals())
+ {
+ // TODO: not really true, but for the moment lets assume that the principal is also the role
+ Role myRole = new SimpleRole(p.getName());
+ if(methodRoles.containsRole(myRole))
+ return AuthorizationContext.PERMIT;
+ }
+ return AuthorizationContext.DENY;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#authorize(org.jboss.security.authorization.Resource, javax.security.auth.Subject, java.security.acl.Group)
+ */
+ public int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException
+ {
+ // TODO Auto-generated method stub
+ //return 0;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#doesUserHaveRole(java.security.Principal, java.util.Set)
+ */
+ public boolean doesUserHaveRole(Principal principal, Set<Principal> roles)
+ {
+ // TODO Auto-generated method stub
+ //return false;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#getEntitlements(java.lang.Class, org.jboss.security.authorization.Resource, org.jboss.security.identity.Identity)
+ */
+ public <T> EntitlementHolder<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
+ throws AuthorizationException
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+
+ public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
+ {
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#getTargetRoles(java.security.Principal, java.util.Map)
+ */
+ public Group getTargetRoles(Principal targetPrincipal, Map<String, Object> contextMap)
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.AuthorizationManager#getUserRoles(java.security.Principal)
+ */
+ public Set<Principal> getUserRoles(Principal principal)
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+ }
+
+}
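Review bot: `stop()` closes the `InitialContext` but leaves the three names bound in `start()` (`java:/policyRegistration`, `securityManagement`, `java:/jaas/test`) in place, and it throws a NullPointerException if `start()` never ran. Unbinding each name before `ctx.close()`, behind an `if (ctx != null)` guard, would keep one test deployment from leaking into the next. The class Javadoc has no description; it should say that this is a test-only stub whose `isValid` accepts every principal whose name does not start with "Invalid" and whose `authorize` treats principal names as role names, so it must stay under `src/test`. `authorize(Resource, Subject, RoleGroup)` casts to `EJBResource` without a type check, which is acceptable for this fixture but deserves a one-line comment.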
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/security/SimplePolicyRegistration.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/security/SimplePolicyRegistration.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/common/security/SimplePolicyRegistration.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.common.security;
+
+import java.io.InputStream;
+import java.io.Serializable;
+import java.net.URL;
+import java.util.Map;
+
+import org.jboss.security.authorization.PolicyRegistration;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class SimplePolicyRegistration implements PolicyRegistration, Serializable
+{
+ private static final long serialVersionUID = 1L;
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.authorization.PolicyRegistration#deRegisterPolicy(java.lang.String, java.lang.String)
+ */
+ public void deRegisterPolicy(String contextID, String type)
+ {
+ // TODO Auto-generated method stub
+ //
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.authorization.PolicyRegistration#getPolicy(java.lang.String, java.lang.String, java.util.Map)
+ */
+ public <T> T getPolicy(String contextID, String type, Map<String, Object> contextMap)
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.authorization.PolicyRegistration#registerPolicy(java.lang.String, java.lang.String, java.net.URL)
+ */
+ public void registerPolicy(String contextID, String type, URL location)
+ {
+ // TODO Auto-generated method stub
+ //
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.authorization.PolicyRegistration#registerPolicy(java.lang.String, java.lang.String, java.io.InputStream)
+ */
+ public void registerPolicy(String contextID, String type, InputStream stream)
+ {
+ // TODO Auto-generated method stub
+ //
+ throw new RuntimeException("NYI");
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.authorization.PolicyRegistration#registerPolicyConfigFile(java.lang.String, java.lang.String, java.io.InputStream)
+ */
+ public void registerPolicyConfigFile(String contextId, String type, InputStream stream)
+ {
+ // TODO Auto-generated method stub
+ //
+ throw new RuntimeException("NYI");
+ }
+
+}
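Review bot: Every method here throws `new RuntimeException("NYI")`, as do most stubs in SimpleSecurityService.java; `throw new UnsupportedOperationException("NYI");` states the intent more precisely and lets a test tell an unimplemented stub from a real failure. The `// TODO Auto-generated method stub` lines and the bare `//` lines under them can be dropped. A one-sentence class Javadoc saying this is a placeholder that SimpleSecurityService binds under `java:/policyRegistration` for tests would be more useful in their place.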
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredBean.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredBean.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredBean.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.ejbthree1646;
+
+import javax.annotation.Resource;
+import javax.annotation.security.RolesAllowed;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+
+import org.jboss.ejb3.annotation.SecurityDomain;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+ at Stateless
+ at SecurityDomain(value="test", unauthenticatedPrincipal="nobody")
+public class SecuredBean implements SecuredLocal
+{
+ @Resource
+ private SessionContext ctx;
+
+ @RolesAllowed("Admin")
+ public void onlyAdmin()
+ {
+ // do nothing
+ }
+
+ public String whoAmI()
+ {
+ return ctx.getCallerPrincipal().getName();
+ }
+}
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredLocal.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredLocal.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/SecuredLocal.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,36 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.ejbthree1646;
+
+import javax.ejb.Local;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+ at Local
+public interface SecuredLocal
+{
+ void onlyAdmin();
+
+ String whoAmI();
+}
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/unit/AuthenticationInterceptorTestCase.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/unit/AuthenticationInterceptorTestCase.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/ejb3/core/test/ejbthree1646/unit/AuthenticationInterceptorTestCase.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,138 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb3.core.test.ejbthree1646.unit;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.fail;
+
+import java.security.Principal;
+
+import javax.ejb.EJBAccessException;
+import javax.security.auth.Subject;
+
+import org.jboss.ejb3.core.test.common.AbstractEJB3TestCase;
+import org.jboss.ejb3.core.test.ejbthree1646.SecuredBean;
+import org.jboss.ejb3.core.test.ejbthree1646.SecuredLocal;
+import org.jboss.ejb3.session.SessionContainer;
+import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
+import org.jboss.security.SecurityContextFactory;
+import org.jboss.security.SecurityContextUtil;
+import org.jboss.security.SimplePrincipal;
+import org.junit.After;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class AuthenticationInterceptorTestCase extends AbstractEJB3TestCase
+{
+ @After
+ public void after()
+ {
+ SecurityContextAssociation.setSecurityContext(null);
+ }
+
+ @BeforeClass
+ public static void beforeClass() throws Exception
+ {
+ AbstractEJB3TestCase.beforeClass();
+
+ deploy("securitymanager-beans.xml");
+
+ SessionContainer container = deploySessionEjb(SecuredBean.class);
+ container.setJaccContextId("test");
+ }
+
+ @Test
+ public void test1() throws Exception
+ {
+ SecuredLocal bean = lookup("SecuredBean/local", SecuredLocal.class);
+
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ assertEquals("nobody", bean.whoAmI());
+
+ try
+ {
+ bean.onlyAdmin();
+ fail("Should have thrown EJBAccessException");
+ }
+ catch(EJBAccessException e)
+ {
+ // good
+ }
+ }
+
+ @Test
+ public void test2() throws Exception
+ {
+ SecuredLocal bean = lookup("SecuredBean/local", SecuredLocal.class);
+
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextUtil util = sc.getUtil();
+ Principal principal = new SimplePrincipal("Admin");
+ Object credential = null;
+ Subject subject = new Subject();
+ subject.getPrincipals().add(principal);
+ subject.getPrivateCredentials().add(credential);
+ util.createSubjectInfo(principal, credential, subject);
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ String me = bean.whoAmI();
+ assertEquals("Admin", me);
+
+ bean.onlyAdmin();
+ }
+
+ @Test
+ public void testSecurityContextAssociation() throws Exception
+ {
+ SecuredLocal bean = lookup("SecuredBean/local", SecuredLocal.class);
+
+ SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
+ SecurityContextUtil util = sc.getUtil();
+ Principal principal = new SimplePrincipal("Invalid");
+ Object credential = null;
+ Subject subject = new Subject();
+ subject.getPrincipals().add(principal);
+ subject.getPrivateCredentials().add(credential);
+ util.createSubjectInfo(principal, credential, subject);
+ SecurityContextAssociation.setSecurityContext(sc);
+
+ try
+ {
+ bean.whoAmI();
+ fail("Should have thrown EJBAccessException");
+ }
+ catch(EJBAccessException e)
+ {
+ // good
+ }
+
+ assertSame(sc, SecurityContextAssociation.getSecurityContext());
+ }
+}
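Review bot: None of the three tests covers the removed caching of the caller principal within a single method. `test1` and `test2` use different callers, but they only catch a stale principal if they run in that order against the same bean instance, which JUnit and the container's instance handling do not promise. A test that calls `whoAmI()` under the unauthenticated context and then under "Admin" would cover the fix directly; whether both calls reach the same instance is an assumption to confirm. Separately, `subject.getPrivateCredentials().add(credential)` with a null `credential` in `test2` and `testSecurityContextAssociation` is likely to throw NullPointerException on newer JDKs, where the Subject sets reject null elements, so the sketch below omits it. Names such as `testUnauthenticatedPrincipal` and `testAdminAllowed` would say more than `test1` and `test2`.

```java
@Test
public void testCallerPrincipalNotCached() throws Exception
{
   SecuredLocal bean = lookup("SecuredBean/local", SecuredLocal.class);

   // first call: no principal set, the configured unauthenticatedPrincipal is expected
   SecurityContextAssociation.setSecurityContext(SecurityContextFactory.createSecurityContext("test"));
   assertEquals("nobody", bean.whoAmI());

   // second call in the same test: the new caller must be reported, not the earlier one
   SecurityContext sc = SecurityContextFactory.createSecurityContext("test");
   Principal principal = new SimplePrincipal("Admin");
   Subject subject = new Subject();
   subject.getPrincipals().add(principal);
   sc.getUtil().createSubjectInfo(principal, null, subject);
   SecurityContextAssociation.setSecurityContext(sc);
   assertEquals("Admin", bean.whoAmI());
}
```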
Added: projects/ejb3/trunk/core/src/test/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java
===================================================================
--- projects/ejb3/trunk/core/src/test/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java (rev 0)
+++ projects/ejb3/trunk/core/src/test/java/org/jboss/security/integration/JNDIBasedSecurityManagement.java 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthorizationManager;
+import org.jboss.security.ISecurityManagement;
+import org.jboss.security.audit.AuditManager;
+import org.jboss.security.identitytrust.IdentityTrustManager;
+import org.jboss.security.mapping.MappingManager;
+
+/**
+ * @author <a href="mailto:cdewolf at redhat.com">Carlo de Wolf</a>
+ * @version $Revision: $
+ */
+public class JNDIBasedSecurityManagement implements ISecurityManagement
+{
+ private InitialContext ctx;
+
+ public JNDIBasedSecurityManagement() throws NamingException
+ {
+ ctx = new InitialContext();
+ }
+
+ public AuditManager getAuditManager(String securityDomain)
+ {
+ return lookupDelegate().getAuditManager(securityDomain);
+ }
+
+ public AuthenticationManager getAuthenticationManager(String securityDomain)
+ {
+ return lookupDelegate().getAuthenticationManager(securityDomain);
+ }
+
+ public AuthorizationManager getAuthorizationManager(String securityDomain)
+ {
+ return lookupDelegate().getAuthorizationManager(securityDomain);
+ }
+
+ public IdentityTrustManager getIdentityTrustManager(String securityDomain)
+ {
+ return lookupDelegate().getIdentityTrustManager(securityDomain);
+ }
+
+ /* (non-Javadoc)
+ * @see org.jboss.security.ISecurityManagement#getMappingManager(java.lang.String)
+ */
+ public MappingManager getMappingManager(String securityDomain)
+ {
+ // TODO Auto-generated method stub
+ //return null;
+ throw new RuntimeException("NYI");
+ }
+
+ private ISecurityManagement lookupDelegate()
+ {
+ try
+ {
+ return (ISecurityManagement) ctx.lookup("securityManagement");
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
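Review bot: `getMappingManager` throws a bare `RuntimeException("NYI")` and keeps the auto-generated TODO and a commented-out `return null`, so a caller that reaches it cannot tell the method is deliberately unsupported in this test stub. I would replace those three lines with `throw new UnsupportedOperationException("getMappingManager is not implemented in this test stub");`. The class Javadoc has no description; a sentence should say that every other getter resolves its delegate from the JNDI name `securityManagement` on each call, so whatever is bound under that name supplies the authentication and authorization managers used by the tests. `lookupDelegate` could also name the binding when it wraps the failure, e.g. `throw new RuntimeException("JNDI lookup of securityManagement failed", e);`.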
Added: projects/ejb3/trunk/core/src/test/resources/securitymanager-beans.xml
===================================================================
--- projects/ejb3/trunk/core/src/test/resources/securitymanager-beans.xml (rev 0)
+++ projects/ejb3/trunk/core/src/test/resources/securitymanager-beans.xml 2008-12-19 13:22:45 UTC (rev 82440)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+ <!-- JTA -->
+ <bean name="AuthenticationManager" class="org.jboss.ejb3.core.test.common.SimpleSecurityService">
+ <depends>NamingServer</depends>
+ </bean>
+</deployment>
\ No newline at end of file
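Review bot: The `<!-- JTA -->` comment above the bean looks copied from another descriptor. The bean declared here is `AuthenticationManager`, backed by `org.jboss.ejb3.core.test.common.SimpleSecurityService`, and nothing in this file relates to transactions. I would change it to something like `<!-- Test-only security service -->` so a reader does not mistake this test wiring for a real security configuration. The file also ends without a trailing newline.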