[jboss-cvs] JBossAS SVN: r76507 - projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Jul 31 09:18:30 EDT 2008
Author: wolfc
Date: 2008-07-31 09:18:29 -0400 (Thu, 31 Jul 2008)
New Revision: 76507
Modified:
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java
Log:
EJBTHREE-1446: secure timer service against disallowed invocations
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java 2008-07-31 13:17:51 UTC (rev 76506)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/JBossTimerServiceFactory.java 2008-07-31 13:18:29 UTC (rev 76507)
@@ -24,6 +24,7 @@
import javax.ejb.TimerService;
import javax.management.ObjectName;
+import org.jboss.ejb.AllowedOperationsAssociation;
import org.jboss.ejb.txtimer.EJBTimerService;
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
@@ -118,6 +119,17 @@
// FIXME: do not assume that a TimedObjectInvoker is an EJBContainer
ClassLoader loader = container.getClassloader();
- getEJBTimerService().restoreTimers(timerService.getContainerId(), loader);
+ // FIXME: A hack to circumvent the check in TimerServiceFacade
+ // In AS itself (/EJB2) the container has an unsecured timer service association
+ // see org.jboss.ejb.Container.getTimerService(Object pKey)
+ AllowedOperationsAssociation.pushInMethodFlag(AllowedOperationsAssociation.IN_BUSINESS_METHOD);
+ try
+ {
+ getEJBTimerService().restoreTimers(timerService.getContainerId(), loader);
+ }
+ finally
+ {
+ AllowedOperationsAssociation.popInMethodFlag();
+ }
}
}
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java 2008-07-31 13:17:51 UTC (rev 76506)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/timerservice/jboss/TimerServiceFacade.java 2008-07-31 13:18:29 UTC (rev 76507)
@@ -21,6 +21,10 @@
*/
package org.jboss.ejb3.timerservice.jboss;
+import static org.jboss.ejb.AllowedOperationsFlags.IN_BUSINESS_METHOD;
+import static org.jboss.ejb.AllowedOperationsFlags.IN_EJB_TIMEOUT;
+import static org.jboss.ejb.AllowedOperationsFlags.IN_SERVICE_ENDPOINT_METHOD;
+
import java.io.Serializable;
import java.util.Collection;
import java.util.Date;
@@ -30,11 +34,12 @@
import javax.ejb.TimerService;
import javax.management.ObjectName;
+import org.jboss.ejb.AllowedOperationsAssociation;
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
/**
- * Comment
+ * Holds the association with the container, without exposing it.
*
* @author <a href="mailto:carlo.dewolf at jboss.com">Carlo de Wolf</a>
* @version $Revision: $
@@ -51,23 +56,33 @@
this.delegate = delegate;
}
+ private void assertAllowedIn(String timerMethod)
+ {
+ // TODO: This isn't handled by the AS timer service itself
+ AllowedOperationsAssociation.assertAllowedIn(timerMethod, IN_BUSINESS_METHOD | IN_EJB_TIMEOUT | IN_SERVICE_ENDPOINT_METHOD);
+ }
+
public Timer createTimer(Date initialExpiration, long intervalDuration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
{
+ assertAllowedIn("TimerService.createTimer");
return delegate.createTimer(initialExpiration, intervalDuration, info);
}
public Timer createTimer(Date expiration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
{
+ assertAllowedIn("TimerService.createTimer");
return delegate.createTimer(expiration, info);
}
public Timer createTimer(long initialDuration, long intervalDuration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
{
+ assertAllowedIn("TimerService.createTimer");
return delegate.createTimer(initialDuration, intervalDuration, info);
}
public Timer createTimer(long duration, Serializable info) throws IllegalArgumentException, IllegalStateException, EJBException
{
+ assertAllowedIn("TimerService.createTimer");
return delegate.createTimer(duration, info);
}
@@ -81,8 +96,9 @@
return container.getObjectName();
}
- public Collection getTimers() throws IllegalStateException, EJBException
+ public Collection<?> getTimers() throws IllegalStateException, EJBException
{
+ assertAllowedIn("TimerService.getTimers");
return delegate.getTimers();
}
}
More information about the jboss-cvs-commits
mailing list