[jboss-cvs] JBossAS SVN: r70011 - in trunk/server/src: main/org/jboss/deployment and 4 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Feb 21 14:06:46 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-02-21 14:06:46 -0500 (Thu, 21 Feb 2008)
New Revision: 70011
Added:
trunk/server/src/main/org/jboss/deployment/EarSecurityDeployer.java
trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java
trunk/server/src/main/org/jboss/deployment/security/EarJaccPolicy.java
trunk/server/src/main/org/jboss/deployment/security/EarPolicyConfigurationFacade.java
trunk/server/src/main/org/jboss/deployment/security/EjbJaccPolicy.java
trunk/server/src/main/org/jboss/deployment/security/EjbPolicyConfigurationFacade.java
trunk/server/src/main/org/jboss/deployment/security/WarJaccPolicy.java
trunk/server/src/main/org/jboss/deployment/security/WarPolicyConfigurationFacade.java
trunk/server/src/main/org/jboss/ejb/deployers/EjbSecurityDeployer.java
trunk/server/src/main/org/jboss/web/deployers/WarSecurityDeployer.java
Modified:
trunk/server/src/etc/deployers/ejb-deployer-beans.xml
trunk/server/src/etc/deployers/security-deployer-beans.xml
trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java
trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java
trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacade.java
trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacadeMBean.java
trunk/server/src/main/org/jboss/ejb/EjbModule.java
Log:
JBAS-4858: SecurityDeployer that works on the metadata to create the jacc policy configurations
Modified: trunk/server/src/etc/deployers/ejb-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2008-02-21 19:06:46 UTC (rev 70011)
@@ -48,7 +48,6 @@
<!-- Specify a SecurityDomain as fallback -->
<property name="defaultSecurityDomain">jboss-ejb-policy</property>
- <depends>SecurityDeployer</depends>
</bean>
<bean name="MergedJBossMetaDataDeployer" class="org.jboss.ejb.deployers.MergedJBossMetaDataDeployer">
Modified: trunk/server/src/etc/deployers/security-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/security-deployer-beans.xml 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/etc/deployers/security-deployer-beans.xml 2008-02-21 19:06:46 UTC (rev 70011)
@@ -4,19 +4,12 @@
Security Deployer
-->
<deployment xmlns="urn:jboss:bean-deployer:2.0">
- <bean name="SecurityDeployer" class="org.jboss.deployment.security.SecurityDeployer">
- <property name="type">security</property>
- <property name="ignoreSuffixes">
- <set elementClass="java.lang.String">
- <value>xml</value>
- <value>beans</value>
- <value>deployer</value>
- <value>rar</value>
- <value>properties</value>
- </set>
- </property>
- </bean>
+ <bean name="EARSecurityDeployer" class="org.jboss.deployment.EarSecurityDeployer"/>
+ <bean name="EJBSecurityDeployer" class="org.jboss.ejb.deployers.EjbSecurityDeployer"/>
+ <bean name="WARSecurityDeployer" class="org.jboss.web.deployers.WarSecurityDeployer"/>
+
+
<!-- JNDI Object Factory to establish SecurityDomainContext objects -->
<bean name="SecurityDomainObjectFactory" class="org.jboss.security.integration.SecurityDomainObjectFactory" />
Added: trunk/server/src/main/org/jboss/deployment/EarSecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/EarSecurityDeployer.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/EarSecurityDeployer.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment;
+
+import org.jboss.deployment.security.AbstractSecurityDeployer;
+import org.jboss.deployment.security.EarJaccPolicy;
+import org.jboss.deployment.security.EarPolicyConfigurationFacade;
+import org.jboss.metadata.ear.jboss.JBossAppMetaData;
+import org.jboss.system.metadata.ServiceMetaData;
+
+//$Id$
+
+/**
+ * Security Deployer for ear
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 17, 2008
+ * @version $Revision$
+ */
+public class EarSecurityDeployer extends AbstractSecurityDeployer<JBossAppMetaData>
+{
+
+ @Override
+ protected ServiceMetaData getServiceMetaData()
+ {
+ ServiceMetaData subjaccPolicy = new ServiceMetaData();
+ subjaccPolicy.setCode(EarPolicyConfigurationFacade.class.getName());
+ return subjaccPolicy;
+ }
+
+ @Override
+ protected Class<JBossAppMetaData> getMetaDataClassType()
+ {
+ return JBossAppMetaData.class;
+ }
+
+ protected String getJaccPolicyName()
+ {
+ return EarJaccPolicy.class.getName();
+ }
+}
\ No newline at end of file
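Review bot: `getJaccPolicyName()` implements the abstract hook declared in `AbstractSecurityDeployer` but, unlike the two methods above it, carries no `@Override`; adding it lets the compiler catch a later rename or signature change in the base class. The local in `getServiceMetaData()` is named `subjaccPolicy` although the service it describes is `EarPolicyConfigurationFacade`, so a name such as `facadeService` would say what it holds.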
Added: trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/AbstractSecurityDeployer.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,206 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import java.util.ArrayList;
+
+import javax.management.ObjectName;
+
+import org.jboss.deployers.spi.DeploymentException;
+import org.jboss.deployers.spi.deployer.DeploymentStages;
+import org.jboss.deployers.spi.deployer.helpers.AbstractDeployer;
+import org.jboss.deployers.structure.spi.DeploymentUnit;
+import org.jboss.metadata.javaee.support.IdMetaData;
+import org.jboss.system.metadata.ServiceAttributeMetaData;
+import org.jboss.system.metadata.ServiceConstructorMetaData;
+import org.jboss.system.metadata.ServiceDependencyMetaData;
+import org.jboss.system.metadata.ServiceDependencyValueMetaData;
+import org.jboss.system.metadata.ServiceMetaData;
+
+
+/**
+ * Abstract Security Deployer
+ * Sets up the top level JaccPolicy service beans
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public abstract class AbstractSecurityDeployer<T extends IdMetaData>
+extends AbstractDeployer
+{
+ static final String JACC_ATTACHMENT_NAME = "jboss.jacc";
+ static final String BASE_OBJECT_NAME = "jboss.jacc:service=jacc,id=";
+
+ protected T metaData = null;
+
+ public AbstractSecurityDeployer()
+ {
+ setStage(DeploymentStages.POST_CLASSLOADER);
+ setInput(getMetaDataClassType());
+ setOutput(ServiceMetaData.class);
+ addOutput(JACC_ATTACHMENT_NAME);
+ }
+
+ public void deploy(DeploymentUnit unit) throws DeploymentException
+ {
+ metaData = unit.getAttachment(getMetaDataClassType());
+
+ if(metaData == null)
+ return;
+
+ String contextId = unit.getSimpleName();
+
+ //Is the war the top level deployment?
+ //DeploymentUnit topUnit = unit.getTopLevel();
+ if(unit.getParent() == null || getParentJaccPolicyBean(unit) == null)
+ {
+ createTopLevelServiceBeanWithMetaData(contextId, unit, metaData);
+ }
+ else
+ {
+ ServiceMetaData subjaccPolicy = getServiceMetaData();
+
+ String deploymentName = unit.getSimpleName();
+
+ try
+ {
+ subjaccPolicy.setObjectName(new ObjectName(getObjectName(unit)));
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ //Provide a constructor for the service bean
+ ServiceConstructorMetaData serviceConstructor = new ServiceConstructorMetaData();
+ serviceConstructor.setSignature(new String[] { String.class.getName(),
+ metaData.getClass().getName()});
+ serviceConstructor.setParameters(new Object[] {deploymentName, metaData});
+ subjaccPolicy.setConstructor(serviceConstructor);
+
+ ArrayList<ServiceMetaData> services = new ArrayList<ServiceMetaData>();
+ services.add(subjaccPolicy);
+ unit.addAttachment(JACC_ATTACHMENT_NAME, subjaccPolicy, ServiceMetaData.class );
+
+ //Add a dependence into the parent JaccPolicy
+ ServiceMetaData parentServiceMetaData = this.getParentJaccPolicyBean(unit);
+ if(parentServiceMetaData != null)
+ {
+ ServiceDependencyMetaData serviceDependencyMetaData = new ServiceDependencyMetaData();
+ serviceDependencyMetaData.setIDependOnObjectName(subjaccPolicy.getObjectName());
+ parentServiceMetaData.addDependency(serviceDependencyMetaData);
+
+ //Add an attribute in the parent service
+ ServiceAttributeMetaData serviceAttributeMetaData = new ServiceAttributeMetaData();
+ serviceAttributeMetaData.setName("PolicyConfigurationFacadeMBean");
+ ServiceDependencyValueMetaData dependencyValue = new ServiceDependencyValueMetaData();
+ dependencyValue.setDependency(subjaccPolicy.getObjectName().toString());
+ dependencyValue.setProxyType("attribute");
+ serviceAttributeMetaData.setValue(dependencyValue);
+ parentServiceMetaData.addAttribute(serviceAttributeMetaData);
+ }
+ }
+ }
+ @Override
+ public void undeploy(DeploymentUnit unit)
+ {
+ unit.removeAttachment(JACC_ATTACHMENT_NAME);
+ }
+
+ private void createTopLevelServiceBeanWithMetaData(String contextId,
+ DeploymentUnit unit, T deployment)
+ {
+ //Provide a constructor for the service bean
+ ServiceConstructorMetaData serviceConstructor = new ServiceConstructorMetaData();
+ serviceConstructor.setSignature(new String[] { String.class.getName(),
+ metaData.getClass().getName(),Boolean.class.getName()});
+ serviceConstructor.setParameters(new Object[] {contextId,deployment, Boolean.TRUE});
+ createJaccPolicyBean(serviceConstructor, unit);
+ }
+
+ private void createJaccPolicyBean(ServiceConstructorMetaData serviceConstructor,
+ DeploymentUnit unit)
+ {
+ //Create a Service Bean for the JACC Policy
+ ServiceMetaData jaccPolicy = new ServiceMetaData();
+ jaccPolicy.setCode(getJaccPolicyName());
+ try
+ {
+ jaccPolicy.setObjectName(new ObjectName(getObjectName(unit)));
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ //Provide a constructor for the service bean
+ jaccPolicy.setConstructor(serviceConstructor);
+ ArrayList<ServiceMetaData> services = new ArrayList<ServiceMetaData>();
+ services.add(jaccPolicy);
+
+ unit.addAttachment(JACC_ATTACHMENT_NAME, jaccPolicy, ServiceMetaData.class);
+ }
+
+ private ServiceMetaData getParentJaccPolicyBean(DeploymentUnit childDU)
+ {
+ DeploymentUnit parentDU = childDU.getParent();
+
+ while(parentDU != null)
+ {
+ ServiceMetaData parentJacc = (ServiceMetaData)parentDU.getAttachment(JACC_ATTACHMENT_NAME);
+ if(parentJacc != null)
+ return parentJacc;
+ parentDU = parentDU.getParent();
+ }
+ return null;
+ }
+
+ /**
+ * Get the name of the JaccPolicy subclass
+ * (EjbJaccPolicy,WebJaccPolicy etc)
+ * @return
+ */
+ protected abstract String getJaccPolicyName();
+
+ /**
+ * Return the type of metadata
+ * @return
+ */
+ protected abstract Class<T> getMetaDataClassType();
+
+ /**
+ * Get the top level service bean meta data
+ * @return
+ */
+ protected abstract ServiceMetaData getServiceMetaData();
+
+ /**
+ * Qualify the object name with parent name just to avoid conflicts
+ * with deployments with the same name in multiple archives
+ */
+ private String getObjectName(DeploymentUnit unit)
+ {
+ String deploymentName = unit.getSimpleName();
+ DeploymentUnit parentDU = unit.getParent();
+ String parentDeploymentName = parentDU != null ?
+ ",parent=" + parentDU.getSimpleName() : "";
+ return BASE_OBJECT_NAME + deploymentName + parentDeploymentName;
+ }
+}
\ No newline at end of file
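Review bot: `deploy()` stores the per-unit attachment in the instance field `metaData`, and `createTopLevelServiceBeanWithMetaData` then reads that field (`metaData.getClass().getName()`) instead of its own `deployment` parameter, so the deployer bean keeps state from the last unit it processed; if the framework ever passes two units through the same bean concurrently (not visible here), a JACC policy bean could be built from another deployment's metadata. Unless subclasses rely on the protected field, a local avoids this: `T metaData = unit.getAttachment(getMetaDataClassType());` in `deploy()` and `deployment.getClass().getName()` in the helper. Separately, `getObjectName` concatenates `unit.getSimpleName()` into the ObjectName string unquoted, so an archive name containing `,` or `=` either fails in `new ObjectName(...)` or changes the key properties; wrapping both names in `ObjectName.quote(...)` keeps the name well formed. The two `services` lists are filled and never read and can be removed.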
Added: trunk/server/src/main/org/jboss/deployment/security/EarJaccPolicy.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/EarJaccPolicy.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/EarJaccPolicy.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.metadata.ear.jboss.JBossAppMetaData;
+
+//$Id$
+
+/**
+ * Top level Jacc Policy for EARs
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class EarJaccPolicy extends JaccPolicy<JBossAppMetaData>
+{
+ public EarJaccPolicy(String id)
+ {
+ super(id);
+ }
+
+
+ public EarJaccPolicy(String id, JBossAppMetaData metaData, Boolean standaloneDeployment)
+ {
+ super(id, metaData, standaloneDeployment);
+ }
+
+
+ @Override
+ protected void createPermissions(JBossAppMetaData metaData,
+ PolicyConfiguration policyConfiguration) throws PolicyContextException
+ {
+ //nothing to do here
+ }
+}
Added: trunk/server/src/main/org/jboss/deployment/security/EarPolicyConfigurationFacade.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/EarPolicyConfigurationFacade.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/EarPolicyConfigurationFacade.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.metadata.ear.jboss.JBossAppMetaData;
+
+//$Id$
+
+/**
+ * A facade for constructing Permissions into the PolicyConfiguration
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class EarPolicyConfigurationFacade<T extends JBossAppMetaData>
+extends PolicyConfigurationFacade<JBossAppMetaData>
+{
+ public EarPolicyConfigurationFacade(String id, T md)
+ {
+ super(id, md);
+ }
+
+ @Override
+ protected void createPermissions(JBossAppMetaData metaData,
+ PolicyConfiguration policyConfiguration) throws PolicyContextException
+ {
+ return; //No need for permissions
+ }
+}
\ No newline at end of file
Added: trunk/server/src/main/org/jboss/deployment/security/EjbJaccPolicy.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/EjbJaccPolicy.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/EjbJaccPolicy.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,63 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.ejb.EJBPermissionMapping;
+import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
+import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeansMetaData;
+import org.jboss.metadata.ejb.jboss.JBossMetaDataWrapper;
+
+//$Id$
+
+/**
+ * Top level Jacc Policy for EJBs
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class EjbJaccPolicy<T extends JBossMetaDataWrapper> extends JaccPolicy<JBossMetaDataWrapper>
+{
+ public EjbJaccPolicy(String id)
+ {
+ super(id);
+ }
+
+ public EjbJaccPolicy(String id, JBossMetaDataWrapper metaData, Boolean standaloneDeployment)
+ {
+ super(id, metaData, standaloneDeployment);
+ }
+
+ @Override
+ protected void createPermissions(JBossMetaDataWrapper metaData, PolicyConfiguration policyConfiguration)
+ throws PolicyContextException
+ {
+ JBossEnterpriseBeansMetaData beans = metaData.getEnterpriseBeans();
+ for(JBossEnterpriseBeanMetaData jBossEnterpriseBeanMetaData : beans)
+ {
+ EJBPermissionMapping.createPermissions(jBossEnterpriseBeanMetaData,
+ policyConfiguration);
+ }
+ }
+}
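Review bot: `createPermissions` iterates `metaData.getEnterpriseBeans()` without a null check; if that accessor can return null for a jar that declares no beans (not visible here), the for-each throws a NullPointerException while the policy is being created. A guard before the loop, `if (beans == null) return;`, makes that case explicit, and the same loop in `EjbPolicyConfigurationFacade.createPermissions` needs the same treatment. The class-level type parameter `T` of `EjbJaccPolicy` is never used in the class body, so dropping it would match `EarJaccPolicy` and avoid raw-type use by callers.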
Added: trunk/server/src/main/org/jboss/deployment/security/EjbPolicyConfigurationFacade.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/EjbPolicyConfigurationFacade.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/EjbPolicyConfigurationFacade.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.ejb.EJBPermissionMapping;
+import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
+import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeansMetaData;
+import org.jboss.metadata.ejb.jboss.JBossMetaData;
+import org.jboss.metadata.ejb.jboss.JBossMetaDataWrapper;
+
+//$Id$
+
+/**
+ * A facade for constructing Permissions into the PolicyConfiguration
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class EjbPolicyConfigurationFacade<T extends JBossMetaDataWrapper>
+extends PolicyConfigurationFacade<JBossMetaData>
+{
+ public EjbPolicyConfigurationFacade(String id, T md)
+ {
+ super(id, md);
+ }
+
+ @Override
+ protected void createPermissions(JBossMetaData metaData,
+ PolicyConfiguration policyConfiguration) throws PolicyContextException
+ {
+ JBossEnterpriseBeansMetaData beans = metaData.getEnterpriseBeans();
+ for(JBossEnterpriseBeanMetaData jBossEnterpriseBeanMetaData : beans)
+ {
+ EJBPermissionMapping.createPermissions(jBossEnterpriseBeanMetaData,
+ policyConfiguration);
+ }
+ }
+}
\ No newline at end of file
Modified: trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/main/org/jboss/deployment/security/JaccPolicy.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -21,13 +21,17 @@
*/
package org.jboss.deployment.security;
+import java.security.Policy;
+import java.util.ArrayList;
+import java.util.List;
+
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import org.jboss.logging.Logger;
+import org.jboss.metadata.javaee.support.IdMetaData;
-//$Id$
/**
* A Service Bean representing the JACC Policy for the top level deployment
@@ -35,7 +39,7 @@
* @since Dec 11, 2006
* @version $Revision$
*/
-public class JaccPolicy implements JaccPolicyMBean
+public class JaccPolicy<T extends IdMetaData> implements JaccPolicyMBean
{
private static Logger log = Logger.getLogger(JaccPolicy.class);
private boolean trace = log.isTraceEnabled();
@@ -43,9 +47,11 @@
private PolicyConfiguration parentPC = null;
private String contextID = null;
- private Object metaData;
+ private T metaData;
- private Boolean standaloneDeployment = Boolean.FALSE;
+ private Boolean standaloneDeployment = Boolean.FALSE;
+
+ private List<PolicyConfigurationFacadeMBean> children = new ArrayList<PolicyConfigurationFacadeMBean>();
/**
@@ -60,7 +66,7 @@
this.contextID = id;
}
- public JaccPolicy(String id, Object metaData, Boolean standaloneDeployment)
+ public JaccPolicy(String id, T metaData, Boolean standaloneDeployment)
{
this(id);
this.metaData = metaData;
@@ -83,9 +89,9 @@
if(this.standaloneDeployment == Boolean.TRUE)
{
try
- {
- if (metaData != null)
- JaccPolicyUtil.createPermissions(parentPC, metaData);
+ {
+ if (metaData != null)
+ createPermissions(metaData,parentPC);
else
log.warn("Cannot create permissions with 'null' metaData for id=" + contextID);
}
@@ -95,6 +101,8 @@
throw new RuntimeException("Cannot create permissions:",e);
}
}
+ if(trace)
+ log.trace("create():" + this.contextID);
}
/**
@@ -102,6 +110,8 @@
*/
public void destroy()
{
+ if(trace)
+ log.trace("destroy:" + this.contextID);
parentPC= null;
}
@@ -113,12 +123,35 @@
//All the sub deployments have started
try
{
+ //Let us link all the policy configurations
+ for(PolicyConfigurationFacadeMBean pcfm:children)
+ {
+ /** The idea is that if any of the linking policy configuration
+ * have committed (i.e. they are in a inService state), then they
+ * cannot be linked. So we bring them to the open state by getting
+ * the policy configuration from the factory and then we commit.
+ */
+ String jaccContextIdChild = pcfm.getJaccContextID();
+
+ PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
+ PolicyConfiguration pcChild = policyConfigurationFactory.getPolicyConfiguration(jaccContextIdChild, false);
+ if(pcChild != null)
+ {
+ parentPC.linkConfiguration(pcChild);
+ //Commit the linked PC
+ pcChild.commit();
+ }
+ }
parentPC.commit();
+ // Allow the policy to incorporate the policy configs
+ Policy.getPolicy().refresh();
}
- catch (PolicyContextException e)
+ catch (Exception e)
{
log.error("Cannot commit Parent Policy Configuration:",e);
}
+ if(trace)
+ log.trace("start():" + this.contextID);
}
/**
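Review bot: The widened `catch (Exception e)` only logs, so any failure while linking or committing, including a NullPointerException from a null entry in `children` or a null `parentPC`, leaves the service started with JACC configurations that were never committed, and the deployment is not told. `create()` and `stop()` in this class rethrow; doing the same here with `throw new RuntimeException("Cannot commit Parent Policy Configuration:", e);` fails the deployment instead of running it with an incomplete authorization policy. A failure part-way through the loop also leaves earlier children linked and committed while the parent is not, which deserves a comment. The `PolicyConfigurationFactory.getPolicyConfigurationFactory()` lookup can move above the loop; the signature of `start()` lies outside this hunk.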
@@ -128,34 +161,24 @@
{
try
{
- this.parentPC.delete();
+ //The linked PCs will delete themselves via the PolicyConfigurationFacade
+ this.parentPC.delete();
}
catch (PolicyContextException e)
{
throw new RuntimeException(e);
}
+ if(trace)
+ log.trace("stop():" + this.contextID);
}
-
/**
- * @see JaccPolicyMBean#link(PolicyConfiguration)
+ * @see JaccPolicyMBean#setPolicyConfigurationFacadeMBean(PolicyConfigurationFacadeMBean)
*/
- public void link(PolicyConfiguration pc) throws PolicyContextException
- {
- if(trace)
- log.trace("Linking " + pc + " to parent pc=" + parentPC);
- if(pc == null)
- throw new IllegalArgumentException("pc is null");
- try
- {
- createPolicyConfiguration();
- }
- catch (ClassNotFoundException e)
- {
- throw new RuntimeException(e);
- }
- parentPC.linkConfiguration(pc);
- }
+ public void setPolicyConfigurationFacadeMBean(PolicyConfigurationFacadeMBean mbeanName)
+ {
+ this.children.add(mbeanName);
+ }
private void createPolicyConfiguration() throws PolicyContextException, ClassNotFoundException
{
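Review bot: `setPolicyConfigurationFacadeMBean` is named as a setter but appends to `children`, accepts null, and nothing visible in this commit clears the list in `stop()` or `destroy()`, so a repeated injection or a service restart would leave duplicate or stale facades for `start()` to link again. The removed `link()` rejected a null argument; the replacement can keep that with `if (mbeanName == null) throw new IllegalArgumentException("facade is null");` and skip entries already in the list. The parameter is a facade rather than a name, so `pcfm`, as used in the interface, reads better than `mbeanName`.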
@@ -165,4 +188,10 @@
parentPC = pcf.getPolicyConfiguration(contextID, true);
}
}
-}
+
+ protected void createPermissions(T metaData, PolicyConfiguration policyConfiguration)
+ throws PolicyContextException
+ {
+ throw new RuntimeException("Need to override");
+ }
+}
\ No newline at end of file
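Review bot: The new `createPermissions` throws a bare `RuntimeException("Need to override")`, so a subclass that forgets to override it compiles and only fails inside `create()` for a standalone deployment. `PolicyConfigurationFacade` in this same commit declares the equivalent hook as `protected abstract`; unless `JaccPolicy` has to stay instantiable on its own (not visible here), making the class and this method abstract moves the check to compile time. If it must remain concrete, `UnsupportedOperationException` with the context id in the message is the more conventional signal.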
Modified: trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/main/org/jboss/deployment/security/JaccPolicyMBean.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -21,8 +21,6 @@
*/
package org.jboss.deployment.security;
-import javax.security.jacc.PolicyConfiguration;
-import javax.security.jacc.PolicyContextException;
//$Id$
@@ -38,11 +36,10 @@
public void destroy();
public void start();
public void stop();
-
+
/**
- * Link the policy Configuration with the top-level policy configuration
- * @param pc
- * @throws PolicyContextException
+ * Inject a child PolicyConfiguration facade
+ * @param pcfm
*/
- public void link(PolicyConfiguration pc) throws PolicyContextException;
-}
+ public void setPolicyConfigurationFacadeMBean(PolicyConfigurationFacadeMBean pcfm);
+}
\ No newline at end of file
Modified: trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacade.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacade.java 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacade.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -21,34 +21,33 @@
*/
package org.jboss.deployment.security;
-import java.security.Policy;
-
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import org.jboss.logging.Logger;
-import org.jboss.metadata.MetaData;
+import org.jboss.metadata.javaee.support.IdMetaData;
//$Id$
/**
* A facade for the JACC Policy Configuration
+ * for deployments that are not the top level deployments
+ * (Eg: WARs, EJB-Jars sitting inside EAR deployments)
* @author Anil.Saldhana at redhat.com
* @since Apr 23, 2007
* @version $Revision$
*/
-public class PolicyConfigurationFacade implements PolicyConfigurationFacadeMBean
-{
- private static Logger log = Logger.getLogger(PolicyConfigurationFacade.class);
-
+public abstract class PolicyConfigurationFacade<T extends IdMetaData>
+implements PolicyConfigurationFacadeMBean
+{
+ protected static Logger log = Logger.getLogger(PolicyConfigurationFacade.class);
+ protected boolean trace = log.isTraceEnabled();
private String jaccContextId;
- private PolicyConfiguration policyConfiguration;
- private JaccPolicyMBean jaccPolicyMBean;
- private Object metaData;
-
+ private PolicyConfiguration policyConfiguration;
+ private T metaData;
- public PolicyConfigurationFacade(String id, Object md)
+ public PolicyConfigurationFacade(String id, T md)
{
if(id == null)
throw new IllegalArgumentException("Context ID is null");
@@ -64,8 +63,8 @@
{
PolicyConfigurationFactory pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
policyConfiguration = pcf.getPolicyConfiguration(this.jaccContextId, true);
-
- JaccPolicyUtil.createPermissions(policyConfiguration, metaData);
+
+ createPermissions(metaData, policyConfiguration);
}
catch (ClassNotFoundException e)
{
@@ -75,30 +74,21 @@
{
new RuntimeException(e);
}
-
+ if(trace)
+ log.trace("Create:contextID=" + this.jaccContextId);
}
public void destroy()
{
+ if(trace)
+ log.trace("destroy : " + this.jaccContextId);
this.policyConfiguration = null;
}
public void start()
{
- try
- {
- if(jaccPolicyMBean != null)
- {
- jaccPolicyMBean.link(policyConfiguration);
- }
- policyConfiguration.commit();
- // Allow the policy to incorporate the policy configs
- Policy.getPolicy().refresh();
- }
- catch (PolicyContextException e)
- {
- new RuntimeException(e);
- }
+ if(trace)
+ log.trace("Start : contextId=" + this.jaccContextId);
}
public void stop()
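Review bot: The catch body kept as context in `create()` reads `new RuntimeException(e);` with no `throw`, and the same statement remains in `stop()` in the next hunk, so the caught exception is discarded and the added trace line `Create:contextID=` is logged as if the permissions had been written. For an authorization component that hides a half-built policy from the deployer; both lines should be `throw new RuntimeException(e);`. The catch headers sit outside the hunk, so which exception types are affected cannot be confirmed from here. Note also that `start()` now only traces, so the child configuration is committed solely by the parent's `JaccPolicy.start()`, which the class Javadoc could state.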
@@ -110,16 +100,34 @@
catch (PolicyContextException e)
{
new RuntimeException(e);
- }
+ }
+ if(trace)
+ log.trace("stop : " + this.jaccContextId);
}
- public JaccPolicyMBean getJaccPolicyMBean()
+ /**
+ * @see PolicyConfigurationFacadeMBean#getPolicyConfiguration()
+ */
+ public PolicyConfiguration getPolicyConfiguration()
{
- return this.jaccPolicyMBean;
+ return this.policyConfiguration;
}
-
- public void setJaccPolicyMBean(JaccPolicyMBean jaccPolicy)
+
+ /**
+ * @see PolicyConfigurationFacadeMBean#getJaccContextID()
+ */
+ public String getJaccContextID()
{
- this.jaccPolicyMBean = jaccPolicy;
+ return this.jaccContextId;
}
-}
+
+ /**
+ * Subclasses should override to create the Jacc Permissions
+ * in the PolicyConfiguration
+ * @param metaData
+ * @param policyConfiguration
+ * @throws PolicyContextException
+ */
+ protected abstract void createPermissions(T metaData,
+ PolicyConfiguration policyConfiguration) throws PolicyContextException;
+}
\ No newline at end of file
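Review bot: `getPolicyConfiguration()` returns the facade's live `PolicyConfiguration`, and once `destroy()` has set the field to null it returns null. Neither fact is stated in the Javadoc, which only points at the MBean interface. Because the getter is part of the MBean interface, any caller that can reach the bean receives an object through which this context's permissions can be changed. The Javadoc should state the contract, for example `Returns the live PolicyConfiguration for this context, or null before create() and after destroy(); callers other than the security deployers must not modify it.` Whether this management interface is reachable by less trusted callers is not visible in the hunk and is worth confirming.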
Modified: trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacadeMBean.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacadeMBean.java 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/main/org/jboss/deployment/security/PolicyConfigurationFacadeMBean.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -20,6 +20,8 @@
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
//$Id$
@@ -35,7 +37,17 @@
public void destroy();
public void start();
public void stop();
+
+ /**
+ * Get the JACC Context ID
+ * @return
+ */
+ public String getJaccContextID();
- public JaccPolicyMBean getJaccPolicyMBean();
- public void setJaccPolicyMBean(JaccPolicyMBean jaccPolicy);
+ /**
+ * Get the PolicyConfiguration created by
+ * this facade
+ * @return
+ */
+ public PolicyConfiguration getPolicyConfiguration();
}
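Review bot: Both new Javadoc blocks end in an empty `@return`, which documentation tooling flags and which tells the reader nothing about the contract. Suggested text: `@return the JACC context id this facade was created with` and `@return the PolicyConfiguration created by this facade, or null if none currently exists`. The null case follows from the implementation in PolicyConfigurationFacade, where destroy() clears the field. The interface declaration starts outside this hunk.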
Added: trunk/server/src/main/org/jboss/deployment/security/WarJaccPolicy.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/WarJaccPolicy.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/WarJaccPolicy.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.web.WebPermissionMapping;
+
+//$Id$
+
+/**
+ * Top level Jacc Policy For WARs
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class WarJaccPolicy extends JaccPolicy<JBossWebMetaData>
+{
+ public WarJaccPolicy(String id)
+ {
+ super(id);
+ }
+
+ public WarJaccPolicy(String id, JBossWebMetaData metaData, Boolean standaloneDeployment)
+ {
+ super(id, metaData, standaloneDeployment);
+ }
+
+ @Override
+ protected void createPermissions(JBossWebMetaData metaData,
+ PolicyConfiguration policyConfiguration)
+ throws PolicyContextException
+ {
+ WebPermissionMapping.createPermissions(metaData, policyConfiguration);
+ }
+}
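Review bot: The three-argument constructor takes `standaloneDeployment` as a boxed `Boolean`, so null is a legal argument, and nothing here says how that case is treated. JaccPolicy's constructor is not visible in this section; if it unboxes the value, a null would fail with a NullPointerException during deployment. Either declare the parameter as `boolean standaloneDeployment`, if the superclass signature allows it, or add a constructor Javadoc that names the accepted values.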
Added: trunk/server/src/main/org/jboss/deployment/security/WarPolicyConfigurationFacade.java
===================================================================
--- trunk/server/src/main/org/jboss/deployment/security/WarPolicyConfigurationFacade.java (rev 0)
+++ trunk/server/src/main/org/jboss/deployment/security/WarPolicyConfigurationFacade.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.deployment.security;
+
+import javax.security.jacc.PolicyConfiguration;
+import javax.security.jacc.PolicyContextException;
+
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.web.WebPermissionMapping;
+
+
+/**
+ * A facade for constructing web Jacc Permissions
+ * into the PolicyConfiguration for the enclosing deployments
+ * in the top level deployment
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 18, 2008
+ * @version $Revision$
+ */
+public class WarPolicyConfigurationFacade<T extends JBossWebMetaData>
+extends PolicyConfigurationFacade<JBossWebMetaData>
+{
+ public WarPolicyConfigurationFacade(String id, T md)
+ {
+ super(id, md);
+ }
+
+ @Override
+ protected void createPermissions(JBossWebMetaData metaData,
+ PolicyConfiguration policyConfiguration) throws PolicyContextException
+ {
+ WebPermissionMapping.createPermissions(metaData, policyConfiguration);
+ }
+}
\ No newline at end of file
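Review bot: The class-level type parameter `<T extends JBossWebMetaData>` does no work, because the class extends `PolicyConfigurationFacade<JBossWebMetaData>` with a fixed argument and `T` appears only in the constructor signature. It forces callers into a raw type or a redundant type argument without adding any type safety. Declaring `public class WarPolicyConfigurationFacade extends PolicyConfigurationFacade<JBossWebMetaData>` with the constructor `public WarPolicyConfigurationFacade(String id, JBossWebMetaData md)` accepts the same arguments.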
Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-02-21 18:56:22 UTC (rev 70010)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -23,6 +23,7 @@
import java.lang.reflect.Method;
import java.net.URL;
+import java.security.Policy;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -1069,7 +1070,11 @@
{
addMissingMethodPermissions(bean, exclude, clazz, InvocationType.REMOTE, pc);
}
- pc.commit();
+
+ if(pc.inService() == false)
+ pc.commit();
+ // Allow the policy to incorporate the policy configs
+ Policy.getPolicy().refresh();
}
private void getInterfaces(Class iface, HashSet tmp)
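Review bot: The unbraced `if(pc.inService() == false)` is followed by a comment and then `Policy.getPolicy().refresh();`, which makes it easy to misread the refresh as conditional; it is not, and it runs on every call. Writing the guard as `if (!pc.inService()) { pc.commit(); }` removes the ambiguity. The check also comes after the addMissingMethodPermissions calls have already written to `pc`. As I understand the JACC contract, add operations are rejected once a context is in service, so if that state is reachable here the guard probably belongs before those calls. The enclosing method starts outside this hunk.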
Added: trunk/server/src/main/org/jboss/ejb/deployers/EjbSecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/deployers/EjbSecurityDeployer.java (rev 0)
+++ trunk/server/src/main/org/jboss/ejb/deployers/EjbSecurityDeployer.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,65 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ejb.deployers;
+
+import org.jboss.deployment.security.AbstractSecurityDeployer;
+import org.jboss.deployment.security.EjbJaccPolicy;
+import org.jboss.deployment.security.EjbPolicyConfigurationFacade;
+import org.jboss.metadata.ejb.jboss.JBossMetaData;
+import org.jboss.system.metadata.ServiceMetaData;
+
+
+/**
+ * Security Deployer for ejb-jar
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 17, 2008
+ * @version $Revision$
+ */
+public class EjbSecurityDeployer
+extends AbstractSecurityDeployer<JBossMetaData>
+{
+ public EjbSecurityDeployer()
+ {
+ super();
+ addInput(MergedJBossMetaDataDeployer.EJB_MERGED_ATTACHMENT_NAME);
+ }
+
+ @Override
+ protected ServiceMetaData getServiceMetaData()
+ {
+ ServiceMetaData serviceMetaData = new ServiceMetaData();
+ serviceMetaData.setCode(EjbPolicyConfigurationFacade.class.getName());
+ return serviceMetaData;
+ }
+
+ @Override
+ protected Class<JBossMetaData> getMetaDataClassType()
+ {
+ return JBossMetaData.class;
+ }
+
+ @Override
+ protected String getJaccPolicyName()
+ {
+ return EjbJaccPolicy.class.getName();
+ }
+}
\ No newline at end of file
Added: trunk/server/src/main/org/jboss/web/deployers/WarSecurityDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/WarSecurityDeployer.java (rev 0)
+++ trunk/server/src/main/org/jboss/web/deployers/WarSecurityDeployer.java 2008-02-21 19:06:46 UTC (rev 70011)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2007, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.web.deployers;
+
+import org.jboss.deployment.security.AbstractSecurityDeployer;
+import org.jboss.deployment.security.WarJaccPolicy;
+import org.jboss.deployment.security.WarPolicyConfigurationFacade;
+import org.jboss.metadata.web.jboss.JBossWebMetaData;
+import org.jboss.system.metadata.ServiceMetaData;
+
+//$Id$
+
+/**
+ * Security Deployer for war
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 17, 2008
+ * @version $Revision$
+ */
+public class WarSecurityDeployer extends AbstractSecurityDeployer<JBossWebMetaData>
+{
+ @Override
+ protected ServiceMetaData getServiceMetaData()
+ {
+ ServiceMetaData serviceMetaData = new ServiceMetaData();
+ serviceMetaData.setCode(WarPolicyConfigurationFacade.class.getName());
+ return serviceMetaData;
+ }
+
+ @Override
+ protected Class<JBossWebMetaData> getMetaDataClassType()
+ {
+ return JBossWebMetaData.class;
+ }
+
+ @Override
+ protected String getJaccPolicyName()
+ {
+ return WarJaccPolicy.class.getName();
+ }
+}
\ No newline at end of file
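Review bot: Unlike EjbSecurityDeployer, which calls `addInput(MergedJBossMetaDataDeployer.EJB_MERGED_ATTACHMENT_NAME)` in its constructor, this class declares no constructor and no input. AbstractSecurityDeployer is not visible in this part of the commit; unless it already orders this deployer after the one that attaches the merged JBossWebMetaData, the WAR policy could be built before that metadata is available. Either add the corresponding `addInput(...)` for the web metadata attachment or add a class comment explaining why none is needed.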