[jboss-cvs] JBossAS SVN: r81567 - projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Nov 25 14:28:00 EST 2008
Author: anil.saldhana at jboss.com
Date: 2008-11-25 14:28:00 -0500 (Tue, 25 Nov 2008)
New Revision: 81567
Modified:
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
Log:
EJBTHREE-1601: bring back explicit run as check
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-11-25 18:29:46 UTC (rev 81566)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.java 2008-11-25 19:28:00 UTC (rev 81567)
@@ -34,6 +34,8 @@
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;
import org.jboss.security.ISecurityManagement;
+import org.jboss.security.RunAs;
+import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityUtil;
import org.jboss.security.javaee.EJBAuthenticationHelper;
@@ -126,7 +128,7 @@
{
throw new RuntimeException(e);
}
- boolean trustedCaller = helper.isTrusted();
+ boolean trustedCaller = hasIncomingRunAsIdentity(sc) || helper.isTrusted();
if(!trustedCaller)
{
Subject subject = new Subject();
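Review bot: With `hasIncomingRunAsIdentity(sc) || helper.isTrusted()`, the mere presence of a `RunAsIdentity` as the incoming run-as is enough to skip the authentication branch that follows. The check is therefore only as strong as the guarantee that the incoming run-as is populated by container code and can never arrive from caller-supplied or remotely propagated context; that guarantee is not visible in this hunk. If it holds, state it next to the check, for example `// incoming run-as is only ever set by the container's run-as interceptor, so the caller is already vetted`, and confirm it for contexts that cross a remote boundary. The enclosing method starts and ends outside the hunk.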
@@ -181,5 +183,12 @@
private ISecurityManagement getSecurityManagement() throws Exception
{
Class<?> clazz = SecurityActions.loadClass("org.jboss.security.integration.JNDIBasedSecurityManagement");
- return (ISecurityManagement) clazz.newInstance(); }
+ return (ISecurityManagement) clazz.newInstance();
+ }
+
+ private boolean hasIncomingRunAsIdentity(SecurityContext sc)
+ {
+ RunAs incomingRunAs = sc.getIncomingRunAs();
+ return incomingRunAs != null && incomingRunAs instanceof RunAsIdentity;
+ }
}
\ No newline at end of file
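Review bot: In `hasIncomingRunAsIdentity` the `incomingRunAs != null &&` test is redundant, because `instanceof` is already false for null; the body can be `return sc.getIncomingRunAs() instanceof RunAsIdentity;`. The helper also dereferences `sc` unconditionally, and whether `sc` can be null at the call site is decided in code outside these hunks, so either guard it (`sc != null && ...`) or document the non-null precondition. Since the method feeds a trust decision, a short Javadoc saying why an incoming run-as identity counts as trusted would help the next reader.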
Modified: projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java
===================================================================
--- projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-11-25 18:29:46 UTC (rev 81566)
+++ projects/ejb3/trunk/core/src/main/java/org/jboss/ejb3/security/RunAsSecurityInterceptorv2.java 2008-11-25 19:28:00 UTC (rev 81567)
@@ -24,9 +24,9 @@
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
-import org.jboss.ejb3.EJBContainer;
+import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
-import org.jboss.logging.Logger;
+import org.jboss.ejb3.mdb.MessagingContainer;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SecurityContext;
@@ -38,8 +38,7 @@
* @version $Revision: 61914 $
*/
public class RunAsSecurityInterceptorv2 implements Interceptor
-{
- private static final Logger log = Logger.getLogger(RunAsSecurityInterceptorv2.class);
+{
private RunAsIdentity runAsIdentity;
private EJBContainer container;
@@ -50,38 +49,46 @@
}
protected RunAsIdentity getRunAsIdentity(Invocation invocation)
- {
- MethodInvocation mi = (MethodInvocation)invocation;
+ {
return runAsIdentity;
}
+ /**
+ * @see Interceptor#invoke(Invocation)
+ */
public Object invoke(Invocation invocation) throws Throwable
{
+ SecurityContext cachedContext = null;
+
//Check for ejbTimeOut
SecurityHelper shelper = new SecurityHelper();
if(shelper.isEJBTimeOutCallback(((MethodInvocation) invocation).getMethod()))
return invocation.invokeNext();
SecurityContext sc = SecurityActions.getSecurityContext();
+
+ cachedContext = sc;
+
/**
- * If Existing SecurityContext is null, it means that we have not gone
- * through AuthenticationInterceptor. This is probably because
- * we are an MDB. So create a new SecurityContext
+ * An MDB always starts with a null security context coming in
*/
+ if(container instanceof MessagingContainer)
+ {
+ sc = null;
+ }
+
if(sc == null)
{
- SecurityDomain domain = (SecurityDomain)container.resolveAnnotation(SecurityDomain.class);
+ SecurityDomain domain = (SecurityDomain)container.getAnnotation(SecurityDomain.class);
if(domain != null)
{
sc = SecurityActions.createSecurityContext(domain.value());
SecurityActions.setSecurityContext(sc);
}
}
+ if(sc != null)
+ sc.setOutgoingRunAs(runAsIdentity);
- if(sc != null)
- {
- sc.setOutgoingRunAs(runAsIdentity);
- }
try
{
return invocation.invokeNext();
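Review bot: In the `container instanceof MessagingContainer` branch only the local variable `sc` is nulled; the thread's security context is replaced only inside `if(domain != null)`. For an MDB with no `SecurityDomain` annotation, whatever context was already on the thread (saved in `cachedContext`) stays in effect during `invocation.invokeNext()`, which contradicts the comment that an MDB always starts with a null context; this presumably matters when delivery threads are reused. Clearing it in that branch with `SecurityActions.setSecurityContext(null);` would make the code match the comment, assuming the setter accepts null as the `cachedContext` restore in the next hunk appears to rely on. The body of `invoke` continues past this hunk.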
@@ -90,12 +97,15 @@
{
if(sc != null)
SecurityActions.popRunAs();
+ SecurityActions.setSecurityContext(cachedContext);
}
}
-
+ /**
+ * @see Interceptor#getName()
+ */
public String getName()
{
return getClass().getName();
}
-}
+}
\ No newline at end of file