[jboss-cvs] JBossAS SVN: r76507 - projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jul 31 09:18:30 EDT 2008


Author: wolfc
Date: 2008-07-31 09:18:29 -0400 (Thu, 31 Jul 2008)
New Revision: 76507

Modified:
   projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java
   projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java
Log:
EJBTHREE-1446: secure timer service against disallowed invocations

Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java	2008-07-31 13:17:51 UTC (rev 76506)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java	2008-07-31 13:18:29 UTC (rev 76507)
@@ -24,6 +24,7 @@
 import javax.ejb.TimerService;
 import javax.management.ObjectName;
 
+import org.jboss.ejb.AllowedOperationsAssociation;
 import org.jboss.ejb.txtimer.EJBTimerService;
 import org.jboss.ejb3.Container;
 import org.jboss.ejb3.EJBContainer;
@@ -118,6 +119,17 @@
       // FIXME: do not assume that a TimedObjectInvoker is an EJBContainer
       ClassLoader loader = container.getClassloader();
       
-      getEJBTimerService().restoreTimers(timerService.getContainerId(), loader);
+      // FIXME: A hack to circumvent the check in TimerServiceFacade
+      // In AS itself (/EJB2) the container has an unsecured timer service association
+      // see org.jboss.ejb.Container.getTimerService(Object pKey)
+      AllowedOperationsAssociation.pushInMethodFlag(AllowedOperationsAssociation.IN_BUSINESS_METHOD);
+      try
+      {
+         getEJBTimerService().restoreTimers(timerService.getContainerId(), loader);
+      }
+      finally
+      {
+         AllowedOperationsAssociation.popInMethodFlag();
+      }
    }
 }
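Review bot: The `IN_BUSINESS_METHOD` flag pushed before `restoreTimers` covers everything that runs inside that call, not only the `TimerServiceFacade` check the FIXME names, so any other allowed-operations check reached during restore would pass as if a business method were executing. If restore can fire an overdue timer synchronously (not visible in this hunk), the bean's timeout callback would run under `IN_BUSINESS_METHOD` rather than `IN_EJB_TIMEOUT`. The comment should record that scope, for example `// NOTE: every AllowedOperationsAssociation check inside restoreTimers sees IN_BUSINESS_METHOD until the pop below`. A narrower fix would be to give the restore path an unchecked timer service, as the comment says AS does for EJB2, instead of widening the flag. The enclosing method starts outside the hunk.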

Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java	2008-07-31 13:17:51 UTC (rev 76506)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java	2008-07-31 13:18:29 UTC (rev 76507)
@@ -21,6 +21,10 @@
  */
 package org.jboss.ejb3.timerservice.jboss;
 
+import static org.jboss.ejb.AllowedOperationsFlags.IN_BUSINESS_METHOD;
+import static org.jboss.ejb.AllowedOperationsFlags.IN_EJB_TIMEOUT;
+import static org.jboss.ejb.AllowedOperationsFlags.IN_SERVICE_ENDPOINT_METHOD;
+
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.Date;
@@ -30,11 +34,12 @@
 import javax.ejb.TimerService;
 import javax.management.ObjectName;
 
+import org.jboss.ejb.AllowedOperationsAssociation;
 import org.jboss.ejb3.Container;
 import org.jboss.ejb3.EJBContainer;
 
 /**
- * Comment
+ * Holds the association with the container, without exposing it.
  *
  * @author <a href="mailto:carlo.dewolf at jboss.com">Carlo de Wolf</a>
  * @version $Revision: $
@@ -51,23 +56,33 @@
       this.delegate = delegate;
    }
 
+   private void assertAllowedIn(String timerMethod)
+   {
+      // TODO: This isn't handled by the AS timer service itself
+      AllowedOperationsAssociation.assertAllowedIn(timerMethod, IN_BUSINESS_METHOD | IN_EJB_TIMEOUT | IN_SERVICE_ENDPOINT_METHOD);
+   }
+   
    public Timer createTimer(Date initialExpiration, long intervalDuration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
    {
+      assertAllowedIn("TimerService.createTimer");
       return delegate.createTimer(initialExpiration, intervalDuration, info);
    }
 
    public Timer createTimer(Date expiration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
    {
+      assertAllowedIn("TimerService.createTimer");
       return delegate.createTimer(expiration, info);
    }
 
    public Timer createTimer(long initialDuration, long intervalDuration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
    {
+      assertAllowedIn("TimerService.createTimer");
       return delegate.createTimer(initialDuration, intervalDuration, info);
    }
 
    public Timer createTimer(long duration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
    {
+      assertAllowedIn("TimerService.createTimer");
       return delegate.createTimer(duration, info);
    }
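Review bot: The new private `assertAllowedIn` helper has no doc comment, and its TODO does not say what a caller sees when the check fails. I would add `/** Rejects the call unless the current invocation is a business method, ejbTimeout or service-endpoint method; timerMethod only names the operation in the failure. */` and state the exception type once it is confirmed (presumably `IllegalStateException`, matching the existing throws clauses). The guard depends on every EJB3 invocation path pushing one of those three flags, which this diff does not show, so a path that pushes none would now be refused; that is worth a test per bean type. The same guard is added to `getTimers` in the next hunk. The literal `"TimerService.createTimer"` is repeated four times and could be a private constant.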
 
@@ -81,8 +96,9 @@
       return container.getObjectName();
    }
    
-   public Collection getTimers() throws IllegalStateException, EJBException
+   public Collection<?> getTimers() throws IllegalStateException, EJBException
    {
+      assertAllowedIn("TimerService.getTimers");
       return delegate.getTimers();
    }
 }



