[jboss-cvs] JBossAS SVN: r73334 - in trunk: server/src/main/org/jboss/ejb and 5 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 13 03:58:58 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-05-13 03:58:58 -0400 (Tue, 13 May 2008)
New Revision: 73334
Modified:
trunk/server/src/etc/deployers/ejb-deployer-beans.xml
trunk/server/src/main/org/jboss/ejb/Container.java
trunk/server/src/main/org/jboss/ejb/EjbModule.java
trunk/server/src/main/org/jboss/ejb/EjbModuleMBean.java
trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java
trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
trunk/tomcat/src/resources/war-deployers-beans.xml
Log:
JBAS-5488: Inject PolicyRegistration into the web/ejb containers
Modified: trunk/server/src/etc/deployers/ejb-deployer-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/etc/deployers/ejb-deployer-beans.xml 2008-05-13 07:58:58 UTC (rev 73334)
@@ -36,7 +36,10 @@
<property name="callByValue">false</property>
<!-- Specify an unauthenticated identity -->
- <property name="unauthenticatedIdentity">anonymous</property>
+ <property name="unauthenticatedIdentity">anonymous</property>
+
+ <!-- Specify a SecurityManagement Wrapper -->
+ <property name="policyRegistrationName">JBossSecurityPolicyRegistration</property>
<!-- Specify a SecurityManagement Wrapper -->
<property name="securityManagementName">JNDIBasedSecurityManagement</property>
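Review bot: The comment above the new `policyRegistrationName` property still reads "Specify a SecurityManagement Wrapper", copied from the property below it, so two different properties carry the same description. Use the wording this commit gives the matching property in war-deployers-beans.xml: `<!-- Specify a Bean for JBoss Security PolicyRegistration -->`. The name configured here is what EjbDeployer injects as the holder of authorization policies, so the label should not send a reader to the wrong bean.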
Modified: trunk/server/src/main/org/jboss/ejb/Container.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/Container.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/ejb/Container.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -89,6 +89,7 @@
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.ISecurityManagement;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;
import org.jboss.system.ServiceMBeanSupport;
@@ -188,6 +189,9 @@
/** SecurityManagement Instance - holder of all security managers */
protected ISecurityManagement securityManagement;
+
+ /** PolicyRegistration - Holds Authorization Policies */
+ protected PolicyRegistration policyRegistration;
/** This is the SecurityManager */
protected AuthenticationManager sm;
@@ -335,8 +339,18 @@
public void setSecurityManagement(ISecurityManagement securityManagement)
{
this.securityManagement = securityManagement;
+ }
+
+ public PolicyRegistration getPolicyRegistration()
+ {
+ return policyRegistration;
}
+ public void setPolicyRegistration(PolicyRegistration policyRegistration)
+ {
+ this.policyRegistration = policyRegistration;
+ }
+
public String getDefaultSecurityDomain()
{
return defaultSecurityDomain;
Modified: trunk/server/src/main/org/jboss/ejb/EjbModule.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/ejb/EjbModule.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -65,7 +65,7 @@
import org.jboss.metadata.XmlLoadable;
import org.jboss.mx.util.MBeanProxyExt;
import org.jboss.mx.util.ObjectNameFactory;
-import org.jboss.security.AuthenticationManager;
+import org.jboss.security.AuthenticationManager;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityConstants;
@@ -124,7 +124,7 @@
static final String BMT_VALUE = "Bean";
static final String CMT_VALUE = "Container";
static final String ANY_VALUE = "Both";
-
+
/** The security management */
private ISecurityManagement securityManagement;
@@ -162,8 +162,13 @@
/** Whether we are call by value */
private boolean callByValue;
- private ApplicationMetaData appMetaData;
+ private ApplicationMetaData appMetaData;
+ /**
+ * Policy Registration Bean (Holder of Authorization Policies)
+ */
+ private PolicyRegistration policyRegistration = null;
+
public EjbModule(final VFSDeploymentUnit unit, ApplicationMetaData metaData)
{
this.appMetaData = metaData;
@@ -221,6 +226,11 @@
{
this.securityManagement = sm;
}
+
+ public void setPolicyRegistration(PolicyRegistration policyRegistration)
+ {
+ this.policyRegistration = policyRegistration;
+ }
public EJBTimerService getTimerService()
{
@@ -456,20 +466,11 @@
VirtualFile xacmlFile = deploymentUnit.getMetaDataFile("jboss-xacml-policy.xml");
if(xacmlFile != null)
{
- InitialContext ic = new InitialContext();
- try
+ if(policyRegistration != null)
{
- PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
- if(policyRegistration != null)
- {
- policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML,
- xacmlFile.toURL());
- }
- }
- catch(Exception e)
- {
- log.trace("Error in policyregistration",e);
- }
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML,
+ xacmlFile.toURL());
+ }
}
}
catch (Exception e)
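Review bot: A deployment that ships `jboss-xacml-policy.xml` now has its policy skipped without any log output when `policyRegistration` was never injected, because the `if(policyRegistration != null)` branch has no else. For an authorization policy that deserves a visible signal: add `else log.warn("jboss-xacml-policy.xml found but no PolicyRegistration injected; XACML policy not registered for " + contextID);`, or fail the deployment if the project prefers to fail closed. The same silent skip is in the registration hunk of TomcatDeployment.java. The enclosing try block starts and ends outside this hunk, so how its `catch (Exception e)` treats a failure from `registerPolicy` is not visible here.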
@@ -561,22 +562,10 @@
// Unegister the permissions with the JACC layer
String contextID = appMetaData.getJaccContextID();
//Unregister any xacml policies
- String securityDomain = SecurityUtil.unprefixSecurityDomain(appMetaData.getSecurityDomain());
- if(securityDomain != null)
- {
- //Look up JNDI for the PolicyRegistration
- InitialContext ic = new InitialContext();
- try
- {
- PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
- if(policyRegistration != null)
- policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
- }
- catch(Exception e)
- {
- log.trace("Error in policy registration deregistration", e);
- }
- }
+ if(this.policyRegistration != null)
+ {
+ policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
+ }
while ( iter.hasPrevious() )
{
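Review bot: `deRegisterPolicy` is now called with no exception handling, where the removed code caught and trace-logged any failure. Unless a handler outside this hunk catches it, an exception here would propagate before the `while ( iter.hasPrevious() )` teardown loop runs. Wrapping the call keeps teardown going and reports the failure at a level operators will see. The same applies to the deregistration added to TomcatDeployment.java. The enclosing method starts and ends outside this hunk.
```java
if(this.policyRegistration != null)
{
   try
   {
      policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
   }
   catch(Exception e)
   {
      // A stale policy left under this context ID should be visible to operators
      log.warn("Failed to deregister XACML policy for " + contextID, e);
   }
}
```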
@@ -639,6 +628,7 @@
con.setRealmMapping(null);
con.setSecurityProxy(null);
con.setSecurityManagement(null);
+ con.setPolicyRegistration(null);
con.proxyFactories.clear();
}
@@ -891,6 +881,7 @@
container.setRealmMapping(rM);
container.setSecurityManagement(securityManagement);
+ container.setPolicyRegistration(policyRegistration);
container.setDefaultSecurityDomain((String) unit.getAttachment("EJB.defaultSecurityDomain"));
container.setSecurityContextClassName((String) unit.getAttachment("EJB.securityContextClassName"));
Modified: trunk/server/src/main/org/jboss/ejb/EjbModuleMBean.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/EjbModuleMBean.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/ejb/EjbModuleMBean.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -25,6 +25,7 @@
import org.jboss.ejb.txtimer.EJBTimerService;
import org.jboss.security.ISecurityManagement;
+import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.tm.TransactionManagerFactory;
/**
@@ -40,7 +41,7 @@
*/
java.util.Collection getContainers() ;
-
+ void setPolicyRegistration(PolicyRegistration policyRegistration);
void setSecurityManagement(ISecurityManagement sm);
void setTransactionManagerFactory(TransactionManagerFactory tmFactory);
public ObjectName getWebServiceName();
Modified: trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/ejb/deployers/EjbDeployer.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -91,6 +91,11 @@
private String defaultSecurityDomain;
/**
+ * Inject Policy Registration Bean Name
+ */
+ private String policyRegistrationName;
+
+ /**
* Create a new EjbDeployer.
*/
public EjbDeployer()
@@ -185,8 +190,26 @@
public void setSecurityContextClassName(String securityContextClassName)
{
this.securityContextClassName = securityContextClassName;
+ }
+
+ /**
+ * Get the PolicyRegistration Name
+ * @return
+ */
+ public String getPolicyRegistration()
+ {
+ return policyRegistrationName;
}
+ /**
+ * Set the Policy Registration Bean Name
+ * @param policyRegistration
+ */
+ public void setPolicyRegistrationName(String policyRegistration)
+ {
+ this.policyRegistrationName = policyRegistration;
+ }
+
@Override
public void deploy(VFSDeploymentUnit unit, JBossMetaData deployment)
throws DeploymentException
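Review bot: The new accessors do not form one bean property: the getter is `getPolicyRegistration()` while the setter is `setPolicyRegistrationName(String)`, and the getter returns the bean name rather than a PolicyRegistration. Rename the getter to `public String getPolicyRegistrationName()` so it matches the setter and the `policyRegistrationName` property set in ejb-deployer-beans.xml. The empty `@return` and `@param` tags should say that the value is the name of the PolicyRegistration bean to inject into each EjbModule. The `deploy` method at the end of the hunk continues outside it.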
@@ -239,6 +262,12 @@
ServiceInjectionValueMetaData injectionValue = new ServiceInjectionValueMetaData(securityManagementName);
attr.setValue(injectionValue);
attrs.add(attr);
+ //Policy Registration
+ attr = new ServiceAttributeMetaData();
+ attr.setName("PolicyRegistration");
+ ServiceInjectionValueMetaData prInjectionValue = new ServiceInjectionValueMetaData(policyRegistrationName);
+ attr.setValue(prInjectionValue);
+ attrs.add(attr);
// Add injection of the WebServiceName
String wsName = getWebServiceName();
if (wsName != null)
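Review bot: The `PolicyRegistration` injection is added even when `policyRegistrationName` was never configured, so an ejb-deployer-beans.xml without the new property would produce an injection built from a null name. How `ServiceInjectionValueMetaData` handles that is not visible here. The WebServiceName injection just below is guarded with `if (wsName != null)`; the same guard, `if (policyRegistrationName != null)`, around the five new lines would keep older configurations deploying. The enclosing method starts and ends outside this hunk.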
Modified: trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java
===================================================================
--- trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/ejb/plugins/SecurityInterceptor.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -48,6 +48,7 @@
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SecurityUtil;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
+import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.EJBAuthenticationHelper;
import org.jboss.security.javaee.SecurityHelperFactory;
import org.jboss.system.Registry;
@@ -88,7 +89,7 @@
protected Map securityRoles;
//A map of principal versus roles from jboss-app.xml/jboss.xml
- protected Map deploymentRoles;
+ protected Map<String,Set<String>> deploymentRoles;
// The observer to be notified when principal authentication fails.
// This is a hook for the CSIv2 code. The authenticationObserver may
@@ -367,8 +368,11 @@
SecurityContext currentSC = SecurityActions.getSecurityContext();
if(currentSC.getSecurityManagement() == null)
currentSC.setSecurityManagement(securityManagement);
-
- isAuthorized = SecurityHelperFactory.getEJBAuthorizationHelper(sc).authorize(ejbName,
+
+ AbstractEJBAuthorizationHelper authorizationHelper = SecurityHelperFactory.getEJBAuthorizationHelper(sc);
+ authorizationHelper.setPolicyRegistration(container.getPolicyRegistration());
+
+ isAuthorized = authorizationHelper.authorize(ejbName,
ejbMethod,
mi.getPrincipal(),
mi.getType().toInterfaceString(),
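Review bot: `container.getPolicyRegistration()` can return null here, and the value is handed to the helper on every invocation without a check. EjbModule only forwards what was injected and clears it with `con.setPolicyRegistration(null)` on destroy. What `authorize` does without a registration is not visible in this commit, so state the expectation next to the call, for example `// policyRegistration may be null when no bean was injected; confirm the helper does not grant access in that case`. The `authorize(...)` call continues past the end of this hunk.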
Modified: trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java
===================================================================
--- trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/server/src/main/org/jboss/web/deployers/AbstractWarDeployment.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -64,7 +64,7 @@
import org.jboss.naming.Util;
import org.jboss.security.ISecurityManagement;
import org.jboss.security.authorization.PolicyRegistration;
-import org.jboss.web.WebApplication;
+import org.jboss.web.WebApplication;
import org.jboss.wsf.spi.deployment.UnifiedVirtualFile;
import org.omg.CORBA.ORB;
@@ -121,6 +121,12 @@
* The default security-domain name to use
*/
protected String defaultSecurityDomain;
+
+ /** The Security PolicyRegistration Name **/
+ protected String policyRegistrationName;
+
+ /** The Security PolicyRegistration **/
+ protected PolicyRegistration policyRegistration;
/** The security management name */
protected String securityManagementName;
@@ -273,6 +279,42 @@
}
/**
+ * Get the Policy Registration Name
+ * @return
+ */
+ public String getPolicyRegistrationName()
+ {
+ return policyRegistrationName;
+ }
+
+ /**
+ * Set the Policy Registration Name
+ * @param policyRegistrationName
+ */
+ public void setPolicyRegistrationName(String policyRegistrationName)
+ {
+ this.policyRegistrationName = policyRegistrationName;
+ }
+
+ /**
+ * Get the PolicyRegistration Bean
+ * @return
+ */
+ public PolicyRegistration getPolicyRegistration()
+ {
+ return policyRegistration;
+ }
+
+ /**
+ * Set the PolicyRegistration Bean
+ * @param policyRegistration
+ */
+ public void setPolicyRegistration(PolicyRegistration policyRegistration)
+ {
+ this.policyRegistration = policyRegistration;
+ }
+
+ /**
* Get the securityManagement.
*
* @return the securityManagement.
@@ -290,7 +332,7 @@
public void setSecurityManagementName(String securityManagement)
{
this.securityManagementName = securityManagement;
- }
+ }
/**
* Get the securityManagement.
@@ -406,28 +448,7 @@
{
URL warURL = webApp.getURL();
String warUrl = warURL.toString();
- performUndeploy(webApp, warUrl);
- // Unregister the permissions with the JACC layer
- JBossWebMetaData metaData = webApp.getMetaData();
- String contextID = metaData.getJaccContextID();
- //Unregister any xacml policies
- String prefixedSecurityDomain = webApp.getMetaData().getSecurityDomain();
- if(prefixedSecurityDomain != null)
- {
- InitialContext ic = new InitialContext();
- try
- {
- PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
- if(policyRegistration != null)
- {
- policyRegistration.deRegisterPolicy(contextID, PolicyRegistration.XACML);
- }
- }
- catch(Exception e)
- {
- log.trace("Error in policyRegistration",e);
- }
- }
+ performUndeploy(webApp, warUrl);
}
/**
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/DeployerConfig.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -24,9 +24,8 @@
import java.net.URL;
import javax.management.ObjectName;
-
+
import org.jboss.metadata.web.jboss.JBossWebMetaData;
-import org.jboss.security.ISecurityManagement;
import org.jboss.security.plugins.JaasSecurityManagerServiceMBean;
/**
@@ -111,8 +110,6 @@
/** The service used to flush authentication cache on session invalidation. */
private JaasSecurityManagerServiceMBean secMgrService;
- /** The JBoss Security Manager Wrapper */
- private String securityManagement;
/** FQN of the SecurityContext Class */
private String securityContextClassName;
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployer.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -149,6 +149,8 @@
private String[] filteredPackages;
private boolean runtimeLifecycleCoupled = false;
+
+ private String policyRegistrationName;
public TomcatDeployer()
{
@@ -309,6 +311,11 @@
this.secMgrService = mgr;
}
+ public void setPolicyRegistrationName(String policyRegistration)
+ {
+ this.policyRegistrationName = policyRegistration;
+ }
+
public void setSecurityManagementName(String securityManagement)
{
this.securityManagement = securityManagement;
@@ -493,6 +500,7 @@
config.setSecurityContextClassName(securityContextClassName);
deployment.setSecurityManagementName(securityManagement);
+ deployment.setPolicyRegistrationName(policyRegistrationName);
//Check if there are any xacml policy files
VirtualFile vf = unit.getMetaDataFile("jboss-xacml-policy.xml");
Modified: trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java
===================================================================
--- trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/tomcat/src/main/org/jboss/web/tomcat/service/deployers/TomcatDeployment.java 2008-05-13 07:58:58 UTC (rev 73334)
@@ -433,19 +433,10 @@
URL xacmlPolicyFile = this.config.getXacmlPolicyURL();
if (xacmlPolicyFile != null)
{
- InitialContext ic = new InitialContext();
- try
+ if(this.policyRegistration != null)
{
- PolicyRegistration policyRegistration = (PolicyRegistration) ic.lookup("java:/policyRegistration");
- if(policyRegistration != null)
- {
- policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, xacmlPolicyFile);
- }
+ policyRegistration.registerPolicy(contextID, PolicyRegistration.XACML, xacmlPolicyFile);
}
- catch(Exception e)
- {
- log.trace("Error in policyRegistration",e);
- }
}
}
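Review bot: `this.policyRegistration` is read here, but the only wiring this commit shows for web deployments is `deployment.setPolicyRegistrationName(policyRegistrationName)` in TomcatDeployer. Nothing visible resolves that name to a bean and calls `setPolicyRegistration`. If that resolution is not done elsewhere, the field stays null and a WAR's XACML policy is never registered, where the removed lookup of `java:/policyRegistration` would have found it. A comment at this check saying where the bean is resolved, e.g. `// policyRegistration is resolved from policyRegistrationName in <location to be filled in>`, would make the wiring verifiable. The enclosing method starts outside this hunk.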
@@ -671,7 +662,16 @@
// Contexts should be stopped by the host already
server.invoke(objectName, "destroy", new Object[] {}, new String[] {});
}
-
+
+ //Deregister xacml policies
+ URL xacmlPolicyFile = this.config.getXacmlPolicyURL();
+ if (xacmlPolicyFile != null)
+ {
+ if(this.policyRegistration != null)
+ {
+ policyRegistration.deRegisterPolicy(metaData.getJaccContextID(), PolicyRegistration.XACML);
+ }
+ }
}
/**
Modified: trunk/tomcat/src/resources/war-deployers-beans.xml
===================================================================
--- trunk/tomcat/src/resources/war-deployers-beans.xml 2008-05-13 07:07:46 UTC (rev 73333)
+++ trunk/tomcat/src/resources/war-deployers-beans.xml 2008-05-13 07:58:58 UTC (rev 73334)
@@ -200,6 +200,9 @@
<inject bean="jboss.security:service=JaasSecurityManager" />
</property>
+ <!-- Specify a Bean for JBoss Security PolicyRegistration -->
+ <property name="policyRegistrationName">JBossSecurityPolicyRegistration</property>
+
<!-- Specify a SecurityManagement Wrapper -->
<property name="securityManagementName">JNDIBasedSecurityManagement</property>